+31 20 2101 538
info@trueson.com
BOOK A DEMO

PRIVACY STATEMENT FROM TRUESON B.V.

Dated: 2025/12/09

Introduction

Trueson wants to optimally protect your privacy. In this privacy statement you can read which personal data Trueson collects from you and how it is processesed. This privacy statement applies to personal data that is processed by the Trueson website and the websites of the companies that are part of the Trueson group. Trueson uses the personal data you share with us to further improve our products and services and your experience.

This privacy statement is intended to provide you with a clear overview of how Trueson uses the personal data you provide, your rights and possibilities to manage your personal data and how Trueson protects your privacy. It also states which personal data Trueson collects when you visit its websites or stores or use its apps, information and software products, as well as how Trueson uses your personal data and with which third parties these data are shared.In this privacy statement you can also find out for what purposes your personal data can be used by Trueson or its associated companies. it.

Amendments

Trueson reserves the right to make changes to its privacy statement, for example due to legislative changes. The most recent version can always be found on this page.

Contact information

Trueson is established in Amsterdam. The general email address is: info@trueson.com. For all correspondence concerning privacy-related matters, please contact the privacy officer of Trueson which you can contact via dpo@trueson.com or by telephone +31 20 210 1538.

By email:
Trueson
Data Protection Officer: Martijn Veltenaar

This privacy statement has been updated on 9th December 2025.

Trueson as controller

Where Trueson acts as a controller, and thus determines the purpose and means for the processing of personal data, the provisions of this privacy statement apply. If reference is made in the following to Trueson, this also means its subsidiaries. These subsidiaries of Trueson are established in France  and Vietnam and can be responsible for the processing of your personal data if you use the services of that company in these countries.

Introduction and scope of this privacy statement

Trueson uses the personal data you share with us to improve our products and services and to offer you an optimal experience. By means of this privacy statement Trueson gives you insight into how it uses your personal data, protects and offers you the possibility to manage your personal data yourself. Insight is given into what personal data is collected about you when you visit our websites or make use of our services and products, apps and applications, and with which third parties Trueson shares your personal data. Trueson uses your personal data for the purposes described below. 

Personal data collected about you

The term “personal data” as used in this privacy statement covers all information about an identified or identifiable natural person, in particular by means of an identifier such as a name, an identification number, location data, an online identifier or one or more elements that are characteristic. for the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person, which Trueson has. Trueson collects various types of personal data and sometimes special categories of personal data (such as about your health and other sensitive data) about you, including the following (if applicable):

Registration data

If you register for a Trueson account, you will be asked to enter your name, e-mail address, , date of birth and password.

Use of Trueson products and services

If you use the products and services of Trueson, you may be asked to enter personal data such as:

  • your postal address and payment details if you order products or services in an online store;
  • your date of birth and / or confirmation that you are of age;
  • your e-mail address when signing up for promotions or newsletters;
  • a file of mutual correspondence (including any feedback you have provided about certain products or services) if you have had contact with customer service.

If certain data are requested, it will be further explained what data is required to use the specific product or service. You are free to provide this information, you are not obliged to do so.

Specific apps

If you use apps offered by Trueson with which you can upload and / or save certain data, your personal data may be requested, for example:
interest areas;

Location

In the event that this is required by law, you will be asked in advance for your consent to use certain categories of personal data.

Platform, forum of Community

If you join a platform, forum or community, you will be asked for standard personal information such as your name, e-mail address and date of birth. When you are logged in, you are free to provide additional personal information to us, such as your interests and preferences. If you take part in or promotions, you may be asked for additional personal information, such as your postal address so that you can receive a prize.

Registration with Social Media

you choose to create an account via social media (such as Facebook, Instagram or Twitter), your login data will be imported via your account. The following personal data are collected then collected:

your registration details.

Trueson will also be able to receive certain items via the social network. This type of data is not requested by Trueson itself, but with a public profile according to the conditions of use of the social network provided through the network through registration on social media.

Trueson will not use such data without your consent.

Automatically collected information

Trueson also collects personal data through the use of its websites and apps for example:

Websites: data about your visit and surfing behavior. When you visit one of the Trueson websites, data is sent from your browser to its servers. Thus, Trueson collects personal data such as:

  • your IP address;
  • date, time and duration of the visit;
  • the referral URL (the site where the visitor came from);
  • the pages visited on our website;
  • and information about the device and browser (such as browser type and version, operating system, etc.

Cookies and similar techniques: Trueson and its partners apply techniques to collect and store data during your visit to and use of its websites, such as sending one or more cookies or other similar techniques to your device. On the Trueson Cookie page you can find more information about the use of cookies and other similar techniques and how to disable them.

Location data: If you use a service on a mobile device where your location is enabled, we will give you a prior notice for permission to collect and process your current location data, for example via GPS signals sent by a mobile device. You can usually disable the sending of your location via the settings of your device. We always inform you when we use location data.

Sources of information

Most of the personal data that Trueson collects about you is information that you provided voluntarily, for example through our websites, services or products, etc. Other sources through which your personal data are obtained:

  • other parts of Trueson; and
  • third parties (such as credit rating agencies, law enforcement / regulatory bodies etc.), which can also provide publicly available source data.

Trueson will provide you with a copy of the personal data processed in this context.

Use of Artificial Intelligence (AI)

We use Artificial Intelligence (AI) technologies to support and improve our services. This may include functions such as data analysis, customer support, content generation, and process automation.
When AI tools are used, we do so in accordance with the principles and requirements of the Dutch Privacy Law and EU GDPR, ensuring that:

Lawful basis for processing: Any personal data processed by AI systems is handled under a lawful basis as defined by Article 6 of the GDPR (for example, contractual necessity, legitimate interests, or consent).

Data minimisation: We only input the minimum amount of personal data necessary to achieve the stated purpose.

Human oversight: AI outputs are reviewed and validated by authorised personnel. We do not rely solely on automated decision-making that produces legal or similarly significant effects on individuals without human intervention (as set out in Article 22 GDPR).

Transparency: We are open about when and how AI technologies are used in delivering our services.

Security: We implement technical and organisational measures to protect any personal data processed by AI tools, including pseudonymisation, encryption, and strict access controls.

Third-party providers: Where external AI service providers are engaged, they act as data processors under our instructions and are bound by data protection agreements ensuring compliance with GDPR requirements.

Use of your personal data

The personal data that Trueson collects, for example when you register for the website, are used for identification and authentication. Trueson creates a profile for you with the information required to provide you with products or services. These can also be combined with personal data obtained through other internal and external sources. This personal data can be used for the following purposes:

Improvement of products and services: your personal data are processed to create a profile of you with the aim of understanding how you use our products and services, enabling Trueson to develop better and more relevant products and services and to improve the website (s). Processing in this way is necessary for the legitimate interest of Trueson to offer better products and services to you and other customers.

Processing orders: personal data (name, address and payment details) are used to process your order, deliver and inform you about the order status. Your age (birth date) is used to determine whether you meet the minimum age to make purchases online and to check whether you are considered a minor under the law. Processing in this way is necessary for the legitimate interest of Trueson to be able to execute a contract with you.

Providing customer service: in case of contact with customer service, personal data are processed, for example your order data and contact history, in order to process your request and provide service. The legality of this processing lies in the necessity of processing for the execution of a contract with a company of Trueson or if we have to comply with a legal obligation. If there is no necessity on the basis of any of these grounds, processing is deemed necessary for the purposes of the legitimate interest of Trueson to ensure that the best possible service is provided.

Preventing misuse and fraud: your personal data is used to assess your creditworthiness and prevent fraud and sometimes it is necessary to provide your personal data to our credit rating agencies. Processing in this way is necessary for the legitimate interest of Trueson to avoid becoming a victim of fraud.
Participation in communities and forums: your personal data will be used to offer you the products and services you want, such as offers, membership of Trueson communities, conferences, webinars, events, applications and apps. Processing in this way is necessary for the legitimate interest of Trueson to ensure that a good service is offered.

Apps: If you download an app offered by Trueson, only special categories of personal data will be collected if your explicit consent has been obtained, as required by law. Personal and sensitive data obtained through the app are collected from your device and stored on Trueson ‘s servers to provide you with the services you expect when using the relevant app as required to perform your contract with Trueson. Insofar as this type of data is processed, this is done on the basis of your permission to receive these services.

Social networks: the use of your credentials for social networks, such as your login details for Facebook, to create your Trueson account and to sign up for this. If you use this, Trueson will limit the use of public profile information to what is necessary for the performance of your agreement with Trueson. Non-relevant data obtained via the social network is removed. Processing in this way is necessary for the legitimate interest of Trueson to ensure that correct files are available about you. If you provide additional information, these will be used according to the purposes and grounds stated in this privacy statement.

Marketing: If you register for newsletters, create accounts, become a member of a community, use the website, use an app, purchase online products or services or provide feedback on this, a profile of you is created. Processing in this way is necessary for the legitimate interest of Trueson to generate propper files about you. Your profile will be created in accordance with your preferences to provide you with a good personalized experience, to send you personalized marketing messages and newsletters and for surveys. The way in which your personal data are used for these purposes is described below.

What information: the way in which you communicate with Trueson via the channels described above and the data collected through each of these channels, provides information about your interests and preferences, which can be analyzed and supplemented with third party data, with aim to offer you the best possible offers and services (this is also called profiling). You can choose to opt out of the profiling that takes place via your account settings page or by contacting Trueson. Your personal data is sometimes combined with data from other people, so that extensive reports can be compiled on how customers use products and services and how they experience the brand. Processing in this way is necessary for the legitimate interest of Trueson to determine how service provision can be improved.

Types of channels: direct marketing messages are sent to you via e-mail, telephone or social media.

Retargeting: Trueson websites and apps can use techniques for retargeting, with the aim of showing visitors, who were already interested in the products and / or services, advertisements on partner websites. As far as retargeting takes place, this is done on the basis of your explicit consent.

Advertisements: collaborates with external partners, such as SSPs and DSPs that use tracking techniques to place advertisements on behalf of Trueson on the internet. These partners collect personal information about your visits to websites or apps of Trueson and your interaction in relation to, for example, advertisements. They will only collect this data insofar as you have given permission for the placing of cookies for marketing purposes. See also the cookie policy.

Quality of data, profiling: if your personal data has been obtained through various sources, this data will be merged in certain cases to improve your understanding of your products and services (for example, data that you have provided directly, can be combined with data which are collected automatically, such as metadata, IP addresses, browse data, information obtained lawfully from third parties, and the like). This can be used to send you more personalized marketing messages or to create more effective marketing campaigns. Processing in this way is necessary for the legitimate interest of Trueson to ensure that you receive the most appropriate offers of its products and to personalize your experience. You can opt out of combining personal data with the information obtained from other sources by contacting Trueson.
Analyses: personal data of you are used to perform analyses and investigations. Processing in this way is necessary for the legitimate interest of Trueson to better understand customers and to ensure that services meet the needs of its customers. This concerns analyses, in which data (such as personal data and / or sensitive data obtained through the use of a Trueson app or browsing history) are combined and stored to:

a) learn more about customers and preferences;
b) identify patterns and trends;
c) to be able to deliver data, content and offers that are tailored to customer needs;
d) for general research and statistical purposes;
e) develop new products and services;
f)  to monitor the performance of products and services and / or to improve the use of used technology;
g)  send personalized marketing messages;
h)  to show you online advertisements

Analysis of Trueson itself: by anonymizing your personal data and merging with other personal data of customers, analyzing the sales, supply chain and finances, determining how Trueson performs and where improvements can be made. Processing of personal data in this way is necessary for the legitimate interest of Trueson to measure how it performs and to determine how to improve it.
Trueson will ask you for permission if it wishes to use your personal data for purposes other than those stated in this privacy statement. Trueson will not use your personal data for other purposes before such permission is received.

Providing personal data?

Trueson treats your personal information carefully and confidentially and does not share it with others other than those listed below.

Business units of Trueson

Each business unit of the Trueson with whom you have contact may share a limited part of the personal data you provide with registration (if your name, e-mail address, password and date of birth) with other components of Trueson for registration and authentication purposes. Processing in this way is necessary for the legitimate interest of Trueson to be able to execute a contract with you. Each business unit may share information from your profile with other entities of Trueson if both entities are responsible for your personal data, or if the other entities act as our processors. Therefore, every part of the Trueson group has access to all the data it is responsible for, so that it can comply with the law. Each part of the Trueson group may share your personal data and anonymous and assembled data with other business units of Trueson (such as the parent company of the group and / or if necessary other parts of Trueson for trend analyzes, is necessary for the purposes of their legitimate interest in analyzing their performance.

With service providers

Personal data, which you provide when you register for registration with Trueson (your name, email address, password and date of birth), can only share Trueson with suppliers of cloud services, so that you can log in quickly and anywhere. If necessary, your personal data will also be shared with third parties who process your personal data on behalf of Trueson solely for the purposes and on the legitimate grounds described above. These can be third parties in the areas of hosting, transport, payment and fraud management, credit rating agencies and analysis platforms. Strict agreements have been reached with these third parties regarding the processing of your personal data, including the exclusive use of your personal data in accordance with the instructions of Trueson and the law.

With social networks

In certain situations, plug-ins are offered from various social networks. If you choose to communicate with a social network, such as Facebook or Twitter (for example when creating an account), your activities on the Trueson website or apps will also be made available on that social network. Processing in this way is necessary for our legitimate interest in enabling interaction with a social network. Based on your privacy settings, your data can be added to your corresponding profile on this network. If you wish to prevent this, you must log out of your social network before using one of our websites or apps. You can also change the privacy settings of the app if possible. Read the privacy policies of relevant social networks for comprehensive information about collecting and transferring personal data, what rights you have, and how to tailor appropriate privacy settings to your needs.

Judicial bodies or supervising authorities

Trueson will release personal data if required by law or on the basis of a court decision, to protect your interests, for investigations by law enforcement or regulatory authorities, to protect and defend the property and legal rights of Trueson and to ensure the personal safety of users of the Trueson services.

Technical and organizational security

Trueson shall ensure that appropriate technical and organizational security measures are implemented to protect your personal data against unauthorized or unlawful processing and unintentional loss, destruction or damage.

Retention periods

Trueson will keep your personal data two years from your last contact with us, such as the date your account was deleted, your last purchase, the last time you used one of our apps, or in any other way of interaction or contact, unless a longer or shorter storage period is required by law, this is necessary in connection with legal processes, or is otherwise required for a particular purpose under the applicable legislation.

Below are examples to indicate how long Trueson stores your personal data in relation to a specific purpose:

  • Personal data obtained upon purchase are retained as required by tax laws (eg 7 years in the Netherlands);
  • If you request to delete your personal data, Trueson will try to delete your personal data within a maximum of one month after the request date;
  • Personal data relating to promotions will not be retained for more than one month after the end of the offer.

Data processing outside the EU and EEA

Unless otherwise stated, your personal data will be stored and processed within the European Union. Occasionally, your personal data may be processed outside the European Economic Area (‘EEA’) in a country that does not offer the same level of protection under European law as the country where you normally use your products and / or services. This may occur, for example, if a processor is located outside the EEA, or uses sub-processors from outside the EEA, such as suppliers of cloud solutions. Trueson will take the necessary steps in such cases to ensure that your personal data are adequately protected, such as carrying out security assessments and drawing up processor agreements with recipients to ensure that they take the same or comparable technical and organizational measures as Trueson, so that your data is adequately protected.

Consent

If your consent has been obtained in connection with the processing of your personal data (for example your permission to receive direct marketing messages or for placing cookies on your device), you can withdraw this consent at any time by contacting the contact details or by changing your cookie preferences.

Your rights

Trueson fully complies with the obligations laid down in the General Data Protection Regulation, with the principle of transparency as paramount. To this end, Trueson has implemented means to ensure that you can exercise any rights in connection with the processing of your personal data.

Children’s data

Trueson does not, as data controller, process any personal data of children under the age of 16. If this happens unintentionally, steps will be taken to remove this data as quickly as possible, unless the law requires that this data must be retained. If it is known that a child is older than 16 years, but according to the law is considered as a minor, permission from the parent / guardian will be requested before the personal details of that child will be used.

Right of inspection, rectification, removal

If you use products or services or have created an account, you can view your personal data via these websites, if the functionality exists. If your personal data are not available by the relevant website, you can submit an application free of charge to gain access to this information.

Upon receipt of your request and details to verify your identity, you will be provided with a copy of the personal data held by you, the origin of the data, the purposes for which the personal data are used, the recipients and on which you based the law. You can also indicate that certain changes in personal data, if you qualify them as incorrect or irrelevant, must be implemented. You can also have your personal data blocked, erased or completely deleted (right to be forgotten). You may also contact us in writing to object to a certain use of your personal data, to limit its use or to request that your personal data be provided in a usable electronic format or to transfer it to a third party (right to data portability). All these applications are met by Trueson within the framework of the legal obligations.

Unsubscribe for marketing messages

If you want to unsubscribe from receiving direct marketing messages from Trueson, you can use the unsubscribe link in the messages you have received. You can also contact the data protection officer of Trueson, by telephone via +31 20 210 1538.

TECHNICAL AND ORGANIZATIONAL SAFETY MEASURES

Introduction

Trueson under art. 28 AVG has the obligation to ensure the implementation of sufficient technical and organizational security measures. By means of this statement Trueson provides insight into the measures it has taken.

I. Description of the measures that ensure that only authorized personnel have access to the Processing of Personal Data

Trueson uses an authorization policy to determine who should have access to which data. Employees do not have access to more data on the basis of this system than is strictly necessary for their job.

II.  Description of the measures to protect personal data against unintentional or unlawful destruction, accidental loss or alteration, unauthorized or unlawful storage, processing, access or disclosure

Organization of information security and communication processes

  • Trueson has established an information policy plan in which an information security coordinator has been appointed who identifies risks relating to the processing of personal data, promotes security awareness, checks facilities and takes measures to ensure compliance with the information security policy.
  • Information security incidents are documented and used for optimization of the information security policy.
  • Trueson has set up a process for communication about information security incidents (databreach procedure).

Staff members

  • With employees, confidentiality statements are agreed and information security agreements are made.
  • Trueson stimulates awareness, training and training with regard to information security.
  • Employees do not have access to more data than is strictly necessary for their job based on an authorization system.

Physical security and continuity of resources

  • Personal data are only processed in a closed, physically secure environment with protection against external threats. OPTION – An access protocol has been drawn up.
  • Personal data are only processed on equipment where measures have been taken to physically secure the equipment and to ensure the continuity of the service.
  • Periodic backups are made for the continuity of the service. These backups are treated confidentially and stored in a closed environment.
  • The locations where data are processed are secured by means of locks, alarm systems and video surveillance and are periodically tested, maintained and periodically assessed for safety risks. Trueson has business continuity plans that include contingency locations.

Network, server and application security and maintenance

  • The network environment in which data is processed is strictly protected. Traffic flows are separated and measures are implemented against abuse and attacks.
  • The environment in which personal data are processed is monitored.
  • The digital services and products in which personal data are processed are established on the basis of system planning, security control and acceptance. Changes in applications are tested for vulnerabilities before they are taken into production.

On systems, the latest (security) patches are periodically installed on the basis of patch management.

  • Data processed within applications are classified according to risks.
  • Penetration tests and vulnerability assessments are performed periodically.
  • Information that is no longer used is removed.
  • Cryptographic measures have been applied to passwords to store these data securely.
  • Encrypted connections are used for log-in processes. The exchange of personal data to third parties takes place encrypted.
  • The following controls are arranged:

Login check

  • The user account is blocked after three unsuccessful log-in attempts. There is also a session time-out function that causes the connection to be disconnected if the user has been inactive for an extended period of time.
  • The workplace computers of the employees on the contractor’s premises are protected with a user name and password. There is also an automatic password protected screen and a computer lock.
  • There is a unique assignment of user accounts to users.

Access control

  • Access to the tools is only possible in accordance with a defined role and rights model. Only administrators and administrative staff have access to personal data.
  • Technical measures within the application guarantee the separation of the data areas between the organization components, so that users of one organization can only view, change or delete the data of that organizational unit.
  • The role and rights model used also determines which users of an organization can call up the above functions.

Input control

  • The mobile app is a distributed application. Data is copied to the local databases of the user devices via the online synchronization with the central server. The databases are each coded. The transmission channels are SSL-encrypted.
  • Several of the functions of the application contain an e-mail that must be sent. These e-mails are sent as standard e-mails and are only sent to the relevant addressee.
  • There is no transport of private data on generic mobile data carriers (memory stick, CD-ROM, DVD).

III. Description of the measures to identify weak points with regard to the Processing of Personal Data in the systems

The systems of Trueson are periodically checked for safety. In addition, the security policy of Trueson provides internal processes to identify vulnerabilities.

Reporting

The processor constantly updates this information and informs users about changes to the measures taken to protect personal data against abuse via the Trueson website. In case you detect security risks, please contact the helpdesk of Trueson via [NUMBER].

Inform about Databreach and / or incidents related to security

The way in which monitoring and identification of databreaches takes place:

Trueson monitors its services 24/7 and has taken measures to prevent and identify unauthorized or unlawful access to data. Signals that indicate a Databreaches are assessed by the security officer of Trueson, who analyzes whether there may be a Databreach, the type of databreach and whether this concerns a Databreach that falls under its role as processor or its role as controller.

The way information is shared:

If a Databreach occurs with regard to personal data that Trueson processes as a processor, the controller is informed by or on behalf of Trueson in principle within 24 hours after detection of a Databreach by e-mail. Depending on the situation, information can also be shared by our website and official social media channels and / or official distributors and / or commercial agents.

If a Databreach occurs with regard to personal data that Trueson processes as controller, the Dutch Data Protection Authority will be informed within 72 hours after detection of a Data Leak, and in case of adverse consequences for data subjects, then these will also be informed in the manner provided for by the law, so that they can take measures.

For follow-up actions or questions, you can contact our helpdesk by telephone or e-mail via the data included in the privacy statement.

Trueson shares the following information when a Databreach occurs:

  • The characteristics of the incident, such as: date and time of determination, summary incident, feature and nature incident (on what part of the security sees it, how did it occur, does it relate to reading, copying, changing, deleting / destroy and / or steal personal data);
  • The cause of the security incident;
  • The measures taken to prevent possible / further damage;
  • Identifying those involved who may be affected by the incident and the extent to which they may be affected;
  • The size of the group of stakeholders;
  • The nature of the personal data affected by the incident (in particular, special data, or data of a sensitive nature, including access or identification data or financial data).

If a specific situation, Trueson can make a (first) notification of a Databreach to the Dutch Data Protection Authority.

Changes to this policy

Trueson will regularly update this online privacy statement in order to keep it easily findable, error free and up-to-date and to ensure that sufficient information is available about your rights and that Trueson ‘s way (s) of processing have been implemented in accordance with the law and continue to comply with it. If major changes are made to this privacy statement, you will be informed via the websites on which an updated version of the privacy statement is published.

Trueson wants to cooperate with you in a good way and always find a suitable solution for complaints or care about privacy. If you are of the opinion that we could not help you with your complaint or care, you have the right to file a complaint via the website of your supervising authority.