Privacy- and cookiepolicy

Table of Contents

Privacy Policy

This Privacy Policy provides information on the processing of personal data by RUMvision B.V. ("RUMvision", "we", "us", "our"). This Privacy Policy may be changed over time. The most up-to-date Privacy Policy is published on https://www.rumvision.com/statements/privacy-policy, the page you are visiting right now.

Version: 2.0, Date: August 21th 2025

1. Introduction

In this Privacy Policy we describe:

Who we are
How, when and for which purposes we process your personal data
How you can exercise your privacy rights
All other information that may be relevant to you

2. Who is responsible for your personal data?

RUMvision B.V. is the controller of the processing of all personal data that fall within the scope of this Privacy Policy.

Contact Details:

RUMvision B.V. situated at Ubbo Emmiussingel 21, 9711BB Groningen, The Netherlands
KVK/CoC: 85752762
Email: info op rumvision punt com
Phone: +31 507001973 (Monday to Friday, 9:00-17:00)

3. For which purposes do we process your personal data?

3.1. To provide our RUMvision monitoring services

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Performance of contract	Art. 6(1)(b) GDPR	Processing necessary for contract performance
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests

We process your personal data to deliver our Real User Monitoring (RUM) services through our tracking snippet installed on your website. We collect anonymized performance data from your website visitors to provide analytics and monitoring insights.

Personal data we process:

Contact details (name, email address, company name, job title)
Account credentials (username, encrypted password)
Billing information (name, address, payment details)
Website performance data (anonymized visitor metrics, page load times, technical performance data)
Country information (derived from existing AWS infrastructure, no additional IP lookups)
Device information (memory, connection type, user preferences - all browser-anonymized)

Note: We do NOT collect personally identifiable information (PII) from your website visitors, including IP addresses, names, email addresses, or other identifying information.

3.2. For website functionality and technical management

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests

We process technical data to deliver our website functionality, ensure security, and manage our platform performance.

Personal data we process:

Technical information (IP address, browser type, device information)
Usage data (pages visited, session duration, feature usage)
Login history and security logs
Error reports and system diagnostics

3.3. To secure your account and prevent fraud

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests
Performance of contract	Art. 6(1)(b) GDPR	Processing necessary for contract performance

We implement security measures to protect your account and our services from unauthorized access and fraudulent activities.

Personal data we process:

Authentication data (login credentials, two-factor authentication tokens)
Security logs (login attempts, trusted browsers, password changes)
Domain verification information
Account activity logs

3.4. When you interact with us through our website and contact forms

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests
Consent	Art. 6(1)(a) GDPR	Processing based on freely given consent

When you contact us through our website, contact forms, or other communication channels, we process your information to respond to your inquiries and provide support.

Personal data we process:

Contact details (name, email address, phone number)
Your questions, comments, or complaints
Communication history and correspondence
Technical information (IP address, browser information for security)

Contact form data retention: Information submitted through contact forms is stored for 3 months. You can request earlier deletion if you only contacted us once and we don't need the data for other purposes (such as ongoing agreements or misuse investigations).

Third-party communication platforms: When you contact us through WhatsApp, email clients, or LinkedIn, their respective privacy policies apply to that communication.

3.5. For billing and payment processing

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Performance of contract	Art. 6(1)(b) GDPR	Processing necessary for contract performance
Legal obligation	Art. 6(1)(c) GDPR	Processing necessary for legal compliance

We process payment information to manage subscriptions, process payments, and maintain financial records.

Personal data we process:

Billing information (name, address, company details)
VAT number (if applicable)
Payment data (processed through secure third-party payment processors)
Invoice and transaction history
Tax-related information where required by law

3.6. To communicate with you

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Performance of contract	Art. 6(1)(b) GDPR	Processing necessary for contract performance
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests
Consent (for marketing)	Art. 6(1)(a) GDPR	Processing based on freely given consent

We process your contact information to:

Respond to your inquiries and provide customer support
Send service-related notifications and updates
Send marketing communications (only with your consent)

Personal data we process:

Contact details (name, email address, phone number)
Communication history and support tickets
Marketing preferences and consent records

3.7. For service improvement, analytics, and AI-powered insights

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests

We analyze aggregated, anonymized data to improve our services, develop new features, and provide AI-powered insights including anomaly detection, performance alerts, and advisory recommendations.

Our legitimate interests include:

Improving service quality and performance
Developing new monitoring features and capabilities
Providing automated alerts and anomaly detection
Generating performance insights and recommendations
Training AI models for better performance analysis

Personal data we process:

Aggregated, anonymized performance metrics
Website performance patterns and trends
Feature usage statistics (anonymized)
Customer feedback and survey responses

AI and Machine Learning: We use artificial intelligence and machine learning technologies to:

Detect performance anomalies and unusual patterns in your website data
Generate automated alerts for performance issues
Provide personalized recommendations for website optimization
Identify trends and benchmarks for performance improvement
Train our AI models to improve accuracy of insights and recommendations

All AI processing uses only aggregated and anonymized data. We ensure compliance with applicable AI regulations, including the EU AI Act, and never use personal data for AI training without proper anonymization.

3.8. For recruitment and employment

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests
Legal obligation	Art. 6(1)(c) GDPR	Processing necessary for legal compliance

When you apply for positions at RUMvision, we process your application data.

Personal data we process:

Contact information (name, email, phone number)
CV, cover letter, and portfolio
Interview notes and assessments
References and background check information

3.9. For agency arrangements and multi-client management

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Performance of contract	Art. 6(1)(b) GDPR	Processing necessary for contract performance
Legitimate interests	Art. 6(1)(f) GDPR	Processing necessary for legitimate business interests

If you use our services as an agency to monitor websites for your clients, we process additional data to manage these relationships.

Personal data we process:

Agency contact and billing information
Client website domain information
Agency-client relationship data
Multi-domain management settings

3.10. To comply with legal obligations

LEGAL BASIS	GDPR ARTICLE	DESCRIPTION
Legal obligation	Art. 6(1)(c) GDPR	Processing necessary for legal compliance

As a data controller, we may process your personal data to comply with applicable laws, regulations, and legal requests.

Personal data we process:

Any personal data necessary to comply with legal requirements
Data required for tax and accounting obligations
Information requested by regulatory authorities

4. Data Storage and Local Storage Usage

4.1. Browser Storage

We use localStorage and sessionStorage to enhance service functionality:

localStorage:

Stores timestamp of first page visit to identify returning visitors
No expiration date but may be cleared by browsers after inactivity periods

sessionStorage:

Browser optimization data
Page tracking status
Session identifiers (UUID)
Performance sampling rates

You can disable browser storage through your domain settings under "Privacy and consent" options.

4.2. What we do NOT track

IP addresses
Names, email addresses, or other PII from website visitors
Query string values (only keys to avoid PII collection)
Precise location data beyond country level

5. Who has access to your personal data?

5.1. Internal access

Access to personal data within RUMvision is restricted to authorized employees who need it to perform their job functions. All employees receive privacy training and are bound by confidentiality obligations.

5.2. Third-party processors

We work with the following categories of data processors:

Infrastructure and hosting:

AWS (Frankfurt) - data processing and storage
Google Cloud (Belgium) - data processing and storage
Elastic Search - data indexing and search
Team Blue (Netherlands) - hosting services
Chessweb - hosting and development services

Payment and billing:

Stripe - payment processing and subscription management
Exact - accounting and financial management

Communication and productivity:

Office 365 (Microsoft) - email, document management, and business operations
SendGrid - email delivery services
Slack - support and technical communication
Meta WhatsApp - website chat integration

Marketing and analytics:

Piwik/Matomo - privacy-friendly web analytics (self-hosted)
Google Tag Manager - tag management system
Microsoft Clarity - website usage analytics for our own website
LinkedIn Pixel - marketing analytics and conversion tracking

All third-party processors are bound by data processing agreements and process data only on our instructions.

6. Data retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

DATA TYPE	RETENTION PERIOD	PURPOSE
Account data	While active + 3 years after closure	Legal and accounting purposes
Raw performance data	Up to 13 months during subscription	Service provision
Performance data after cancellation	2 additional months	Allow reactivation or export
Aggregated, anonymized data	Indefinitely	Service improvement and AI training
Support communications	3 years after last interaction	Support history
Financial records	7 years	Dutch accounting and tax obligations
Marketing data	Until consent withdrawn or 3 years of inactivity	Marketing purposes
Security logs	1 year	Security monitoring
AI training data	Indefinitely (anonymized only)	Service improvement

7. Your privacy rights

Under GDPR, you have the following rights:

Right of access: Request information about personal data we process about you
Right to rectification: Request correction of inaccurate personal data
Right to erasure: Request deletion of your personal data (subject to legal obligations)
Right to restriction: Request limitation of processing in certain circumstances
Right to data portability: Request transfer of your data in a structured format
Right to object: Object to processing based on legitimate interests
Right to withdraw consent: Withdraw consent for processing requiring consent
Right to lodge a complaint: File a complaint with a supervisory authority

To exercise these rights, contact us at info op rumvision punt com. We will respond within 30 days and may request additional information to verify your identity.

8. Security measures

We implement appropriate technical and organizational measures to protect your personal data:

Encryption of data in transit and at rest
Strong password requirements and two-factor authentication
Regular security assessments and updates
Access controls and employee training
Incident response procedures
Regular backups and disaster recovery plans

9. Cookies and tracking

9.1. What are cookies

Cookies are small text files placed on your computer, tablet, or smartphone when you visit a website. We use both session cookies (deleted when you close your browser) and persistent cookies (stored until they expire or are deleted).

9.2. Technical cookies (Essential)

COOKIE	PURPOSE	RETENTION PERIOD
PHPSESSID	Session management and duration measurement	Session
Latency	Performance measurement	1 day
Session Storage	Store session data locally (not sent to server)	Session

9.3. Analytical cookies

COOKIE	PURPOSE	RETENTION PERIOD
_pk_id	Distinguish unique users (Piwik)	13 months
_pk_ses	Track session duration (Piwik)	30 minutes
_pk_ref	Track referrer information (Piwik)	6 months

9.4. Web analytics with Piwik

We use Piwik (also known as Matomo) for web analytics to understand how visitors use our website and improve our services. Piwik offers privacy-friendly analytics:

Self-hosted: We host Piwik on our own servers within the EU
IP Anonymization: All IP addresses are anonymized
Privacy-focused: Piwik is designed to respect user privacy
No third-party sharing: Analytics data remains under our control
First-party cookies: All cookies are set by RUMvision domains
GDPR compliant: Piwik is built with GDPR compliance in mind
Opt-out: You can opt out of Piwik tracking on our website through the privacy settings or by configuring your browser to block analytics cookies

9.5. No other cookies

On RUMvision, besides the Analytics cookies mentioned above, no other tracking cookies are used.

10. Data Protection Officer

We do not have a data protection officer. For privacy enquiries please contact our CEO Karlijn Löwik via karlijn op rumvision punt com

11. Links to third parties

Our web pages may contain links to other websites. This privacy policy does not apply to third-party websites linked from our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We therefore recommend that you read the privacy policy of these websites before using them.

12. About this statement

12.1. Your legal rights

You may ask RUMvision for access to the data stored about you. You can also ask RUMvision to modify, transfer, supplement or delete this data. You can do this by contacting us via our contact form, sending us an email info op rumvision punt com or by calling us at +31 507001973 Monday to Friday between 9:00 and 17:00.

12.2. Changes

We reserve the right to modify this privacy policy. Changes will be published on our website. It is therefore recommended to consult this policy regularly so that you are aware of any changes.

12.3. Data Protection Authority

Of course, we are also happy to help you if you have complaints about the processing of your personal data. Under privacy legislation, you have the right to file a complaint with the Dutch Data Protection Authority against our processing of your personal data. You can contact the Data Protection Authority for this purpose.

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
2594 AV The Hague
The Netherlands
autoriteitpersoonsgegevens.nl

13. Contact us

For questions about this Privacy Policy or our data practices, contact:

RUMvision B.V.
Groningen, The Netherlands
Email: info op rumvision punt com
Website: www.rumvision.com

This Privacy Policy is effective as of August 21th 2025 and applies to all users of RUMvision services.