PRIVACY STATEMENT SESSY.APP
Located at 3e Poellaan 40, 2161 DN Lisse, the Netherlands Registered with the Chamber of Commerce under number 75498707
Last modification on: February 9, 2023
This Privacy Statement has been translated from the original Dutch version. In case of any discrepencies between the translated and the Dutch version, the Dutch version takes precedence. Click here for the Dutch version.
Sessy (hereinafter: “us”, “we” or “our”) offers an online Platform, via which Platform Users can 1) use the Services of Sessy and 2) Users can offer services to other Users and enter into agreements with each other. In these cases, the Personal Data you provide will be processed by us.
This privacy statement contains information about our policy regarding the processing (collection, storage, use, sharing and disclosure) of your Personal Data by Sessy, for example when you visit our Website, use our App or Platform, contact us through the form on our Website, register for our newsletter, create an account, use our Services or purchase services from a Provider on the Platform and enter into an agreement with the Provider, and the choices you have with regard to the processing of that data by Sessy.
We use your Personal Data to communicate with you, to perform the agreement we have entered into with you, and to provide and improve our Services. When you use our Services, you agree to the processing of your Personal Data in accordance with this policy.
1. DEFINITIONS
In this Privacy Statement, the following terms are capitalized and used with the following meaning:
-
Sessy: the owner of the Platform.
-
User: the person who uses the Sessy Platform.
-
Member / Members: the person who purchases services from the Provider via the Platform and enters into an Agreement with the Provider via the Platform.
-
Provider: the natural or legal person who offers services via the Platform and in that context enters into Agreements with one or more Members via the Platform.
-
Subscription: the agreement between a Provider and a Member on the basis of which the Member has the right to use the services of the Provider and to register for Sessions of the Provider.
-
Platform: the online platform of Sessy, consisting of the Website, a backend application for Providers and the Sessy app that (among other things) enables Users to enter into Agreements with each other.
-
Backend Application: online application intended for Providers in which the Provider can define what kind of Subscriptions they want to offer, what type of Sessions, etc. In addition, Providers can set the payment options for their Members in the Backend Application, perform the membership administration, collect payments, schedule Sessions and communicate with their Members.
-
Sessy App: the native app, which can be downloaded on a mobile device, which enables the User to enter into one or more Subscriptions with Providers, register for Sessions, make payments to Providers and maintain personal account details.
-
Services: all services offered by Sessy, including but not limited to making the Platform available, including the associated functionalities and the mediation activities that Sessy performs.
-
Website: the website of Sessy, which can be reached via: https://www.sessy.app, as well as the support site (https://docs.sessy.app) and the backend application (https://backend.sessy.app).
-
Usage data: automatically collected data generated by the use of our Website, for example: the duration of the visit to a page on our website.
-
Data controller- the natural or legal person who (alone, jointly or jointly with other persons) determines the purposes for which and the manner in which Personal Data are or will be processed. In the context of this Privacy Statement, we are a Controller of your Personal Data.
-
Data processors: the natural or legal person who processes the Personal Data on behalf of Sessy. We may use the services of various Data Processors to process your data.
-
Data Subject: The Data Subject is any living individual who purchases Services from us and who is the subject of the Personal Data processed by us.
-
Personal data: all information about an identified or identifiable natural person. This means that information is either directly about someone or can be traced back to this person.
2. DATA COLLECTION AND USE
We collect different types of data for different purposes to perform our Services, as well as to provide our Services to you and to improve our Services.
Personal data
When you use our Platform, we may ask you to provide us with certain personally identifiable information that can be used to operate the Services, contact you, or identify you. This personally identifiable information may include, but is not limited to, the information below. A distinction is made here between Website visitors, (employees of) Providers and Members/Users.
Website visitor
| Personal data | Purposes for processing |
|---|---|
| IP address | The IP address is stored by means of a cookie to provide chat functionality on the website for providing support to (potential) customers. |
| First and last name Telephone |
Processing the contact form on the Platform and communication with the visitor of the Website. |
(employees of) Provider
| Personal data | Purposes for processing |
|---|---|
| First and last name Address Phone Date of birth |
Name and contact details of company contacts are kept for customer identification, support, use of the Platform, communication purposes and informing about developments on the Platform (such as new functionality). |
| Payment information | The payment information is captured in Stripe and used to charge the monthly license fee. Sessy does not have access to this information |
Members / Users
| Personal data | Purposes for processing |
|---|---|
| First and last name Address Telephone Date of birth |
Name and contact details are kept so that the Providers on the Platform can communicate with their Members, provide their services and personalize services to their Members (exact service depends on the company) and collect payments. |
| Bank account | If the company uses direct debit via its own company account: the IBAN bank account of Members is collected by the Platform in order to generate a payment file with which the Provider can import direct debits into their banking environment. |
| Payment data | If the Provider uses Stripe to collect payments from their Members: Payment data is stored in Stripe. Sessy and the Provider do not have access to this data |
| Purchases | Purchases (subscriptions and other purchases) are tracked on the Platform, including the payment status so that payments can be collected. |
| Session history | The session history is kept on the Platform so that Sessy and Providers can offer a personalized service to their Users and Members (for example, based on the session types visited). In addition, the information is used to improve the service. |
| Personal Notes | Personal notes and attachments may be added by the Provider to Members to provide a personal/individual service (tracking progress, injuries, etc.). |
| Device tokens | Unique code for each device on which the Sessy App is used by Members/Users. The device token is used by Sessy and Providers on the Platform to send notifications (general and personal messages) to their Users and Members. |
Sessy as Data Processor
Personal data of the Members of the Provider are processed by Sessy in the context of the Subscription that Members have Purchased from the Provider. In this context, Sessy only processes the Personal Data of Members for the benefit of and on behalf of the Provider. With regard to the processing of Personal Data on behalf of the Provider, Sessy is therefore only a Data Processor and not the Controller. In the context of the processing of Personal Data on behalf of the Provider, Sessy has concluded a processing agreement with the Provider. Sessy is only Controller with regard to the Personal Data of Members insofar as Sessy uses this Personal Data for its own purposes.
Usage data
We may collect data that your browser sends when you use our Platform. This Usage Data may include information such as your device’s Internet Protocol (IP) address, browser type, browser version, the pages you have visited on our Platform, the time and date of your visit, the time spent on those pages, the unique device identifier and other diagnostic data. When you use our Platform with a mobile device, this Usage Data may also include information such as the type of mobile device you use, the unique ID of your mobile device, the IP address of your mobile device, the operating system of your mobile device, the mobile internet browser that you use, the unique device identifier and other diagnostic data.
We use the Usage Data for a variety of purposes:
- to collect analytics or valuable data that we can apply to improve the Platform and Services
- to detect, prevent and treat technical problems
Newsletter
Similar to the information that we have indirectly collected about you, we may use the Personal Data you provide to us for sending our own newsletter or other marketing purposes, for example an email with offers that are related to the Services you have previously used, purchased from us or services from Providers that you may be interested in. For this we use your e-mail address and your first and last name. You can indicate at any time that you no longer wish to receive newsletters from us. To do so, please follow the unsubscribe instructions included in every email you receive from us.
3. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA UNDER THE GENERAL PERSONAL DATA REGULATION (GDPR)
If you are from the European Economic Area (EEA), the legal basis for the collection and use of the Personal Data described in this Privacy Statement depends on the Personal Data we collect and the specific context in which we collect it.
We may use your Personal Data because:
- You use our Platform or our Services
- You have given us permission to do so
- The processing is in our legitimate interest and is not overridden by your rights
- In compliance with the law
4. DATA STORAGE AND RETENTION
We will take all reasonable steps to ensure that your Personal Data is processed in accordance with this Privacy Statement and that your Personal Data is not transferred to an organization or country outside the European Union.
We only retain your Personal Data for as long as this is necessary for the purposes stated in this Privacy Statement. We retain and use your Personal Data to the extent necessary to comply with our legal obligations (e.g. if we are required to retain your data in compliance with applicable law), resolve disputes, and enforce our legal obligations or policies.
We also store your Usage Data for internal analytical purposes. Usage data is anonymized as much as reasonably possible, unless we are legally obliged not to store this data anonymously.
All Personal Data will be deleted by us when it is no longer necessary for the purposes for which we process the Personal Data, unless we are obliged to keep (part of) your Personal Data for longer on the basis of a legal obligation. Personal data is removed manually by us.
5. DATA DISCLOSURE
Business transaction
If Sessy.app is involved in a merger, acquisition or asset sale, your Personal Data may be transferred. We will notify you before your Personal Data is transferred and becomes the subject of a different Privacy Statement.
Disclosure for Law Enforcement Purposes
In certain circumstances, we may be required to disclose your Personal Data if required to do so by law or at the request of government authorities (e.g. a court or government agency).
Legal requirements
We may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights and property of Sessy
- To prevent or investigate possible wrongdoing in connection with the use of our Platform and the provision of Services
- To protect the personal safety of Users of the Platform or the public
- As protection against legal liability
6. DATA SECURITY
The security of your Personal Data is important to us. However, please note that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.
7. YOUR DATA PROTECTION RIGHTS UNDER THE GENERAL PERSONAL DATA REGULATIONENS (GDPR)
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We strive to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.
If you want to know which Personal Data we process about you and if you want certain Personal Data to be removed from our systems, you can contact us.
In any case, you have the following legal data protection rights:
- The right to access, update or delete the Personal Data that we process about you. Where possible, you can access and update your Personal Data or request its deletion directly in your account settings. If you are unable to perform these actions yourself, you can contact us for assistance.
- The right to correction. You have the right to have your information corrected if that information is inaccurate or incomplete.
- The right to object. You have the right to object to the processing of your Personal Data.
- The right to restriction. You have the right to request that we restrict the processing of your Personal Data.
- The right to data portability. You have the right to receive a copy of the information we process from you in a structured, machine-readable and commonly used format.
- The right to withdraw your consent. You also have the right to withdraw your consent at any time where we process your Personal Data based on your consent.
Please note that we may ask you to verify your identity before responding to such requests.
You have the right to submit a complaint to the Dutch Data Protection Authority regarding our collection and use of your Personal Data. For more information, please contact the Dutch Data Protection Authority.
8. SHARING OF PERSONAL DATA
Brokerage activities
Our Services include facilitating the conclusion of agreements between Users (Provider and Member). In this context, we may share your Personal Data with a Provider. This includes your first and last name, e-mail address, address, telephone number and IP address. The Provider processes the Personal Data he/she has received from us for his/her own purposes. The Provider is therefore itself the controller with regard to your Personal Data that the Provider receives from us.
In addition, in the context of our business activities, we share your Personal Data with external companies and persons to provide our Services, to (be able to) perform work in the context of our Services, to simplify our Services, to (be able to) process your Personal Data, or to help us analyze how our Services and Platform are used or could be improved.
We have concluded processing agreements with all external parties engaged by us and with whom your Personal Data is shared. These Data Processors will only have access to your Personal Data to perform these tasks on our behalf and they may not disclose it to others or use it for any other purpose:
| Data processor | Purpose |
|---|---|
| Google Cloud | Sessy’s servers run on Google cloud architecture. The Personal Data and Usage Data are stored there. The data is stored on Google servers within the EU. Various Google services are used to process data, to store data, to secure data and data transfer, for analysis or to collect valuable data that we can use to improve our Platform and Services, to detect and solve technical problems, and for the technical operation of our Platform. This includes the following services: Google Cloud Platform, Google Workspace, Google Analytics, Google Firebase and Google reCAPTCHA. Google’s data protection rules apply to the processing of Personal Data by Google. More information about Google’s privacy policy can be found on these pages: Google Firebase Google Analytics Google Cloud |
| Stripe | Personal data is shared with Stripe for the purpose of collecting payments. Stripe will, if necessary for the performance of its services, store the Personal Data outside the EU. There is a separate Data Processing Agreement to which Users need to agree, see for more information: https://stripe.com/en-nl/legal/dpa |
| Crisp | Personal data is shared with Crisp to provide support to Users (chat/email form on the website). Personal data is stored on EU servers of Crisp. More information about Crisp’s privacy policy can be found on this page: https://crisp.chat/en/privacy/ |
| Other service providers | When we hire third parties to perform certain (specialist) activities in the context of our Services, we may provide these service providers with your Personal Data insofar as this is necessary for the performance of our Services to you. |
9. SOCIAL MEDIA AND LINKS TO OTHER SITES
Social media
On our Platform we may show messages and/or links to social media channels. The terms and conditions of the relevant social media platform apply to the use of social media.
Links to other websites
On our Platform you may find hyperlinks to third party websites. We bear no responsibility with regard to the way in which these third parties handle your data. Read the privacy statement, if available, of the website you visit.
10. CHANGES TO THIS PRIVACY POLICY
We may update our Privacy Statement at any time. We will notify you of any changes by publishing the new Privacy Statement on our Platform.
11. CONTACT US
If you have any questions about this Privacy Statement or wish to exercise your rights, you can contact us via the website (contact form) or via email: contact@sessy.app.