Privacy Policy

Privacy Policy – GOTOVIAR B.V.

Version: 26.02
Date: 12 February 2026
Effective as of: 12 February 2026

GOTOVIAR B.V. (“GOTOVIAR”, “we”, “us”) processes personal data in the context of its website(s), portal(s) and services. In this Privacy Policy, we explain which personal data we process, for which purposes, on the basis of which legal grounds, and which rights data subjects have.

This Privacy Policy applies to:

  • visitors to our website(s)
  • contact persons of (potential) business customers
  • users of our portal(s), dashboards and software
  • persons who contact GOTOVIAR by e-mail

1. Who is responsible?

GOTOVIAR B.V. is the controller for the processing of personal data as described in this Privacy Policy, insofar as GOTOVIAR itself determines the purposes and means of the processing.

In practice, this means that GOTOVIAR is generally the controller for:

  • website management, analytics and marketing communications
  • contact and lead management
  • account management within the portal(s)
  • invoicing, payments and administration
  • security, logging and fraud prevention

In the context of our services, GOTOVIAR may also process personal data on behalf of business customers. In that case, GOTOVIAR acts as a processor and the customer as the controller. This generally concerns the processing of customer data within the service, including session content and any recordings. This is contractually set out in a data processing agreement (DPA).

2. Which personal data do we process?

GOTOVIAR may process the following personal data, depending on the use:

2.1 Contact and account details

  • name
  • e-mail address
  • telephone number (if provided)
  • company name
  • position and/or department (if provided)
  • account and user details within the portal(s)

2.2 Business and administrative data

  • invoice details
  • payment status and transaction information (via payment providers)
  • correspondence regarding contracts and services

2.3 Technical data and logs

  • IP address
  • browser and device data
  • date and time of use
  • login moments
  • technical logs, error messages and security signals
  • session data necessary for stability, security and performance

2.4 Website analytics data

When visiting our website(s), data may be processed via analytics tools, including Google Analytics and Google Search Console. This may include cookies or similar techniques.

2.5 Content of communications

If you contact us by e-mail, we process the content of your message and any attachments.

2.6 Streaming and session data (XR / remote guidance)

When using our remote streaming functionalities, GOTOVIAR may technically process data necessary to establish and maintain the session, including temporary video data and audio data.

As a rule, GOTOVIAR does not store live streams. Streaming data may be processed temporarily in volatile memory or buffers for transmission purposes, without resulting in structural storage. In that case, streaming data is processed solely to technically enable the session.

If a customer opts for recording functionality, video, audio or session recordings may be stored. In that case, the customer determines whether recordings are made and for which purposes. The customer is responsible for the legal basis, the duty to inform, and any consent requirements towards end users.

3. For which purposes do we process personal data?

We process personal data for the following purposes:

  • offering and providing our services
  • creating and managing accounts in our portal(s)
  • authentication, security and fraud prevention
  • providing support and handling questions or requests
  • invoicing, payment processing and administrative handling
  • analysis and improvement of our website(s), services and user experience
  • maintaining business relationships, including communication with (potential) customers
  • complying with legal obligations (such as statutory retention obligations for tax purposes)

4. On what legal grounds do we process personal data?

GOTOVIAR processes personal data only if there is a valid legal basis for doing so, including:

  • performance of an agreement (for example for account management, provision of software and support)
  • legal obligation (for example tax administration)
  • legitimate interest (for example security, abuse prevention, service improvement and business communication)
  • consent (for example if cookies or marketing technologies are used for which consent is required)

5. Cookies and analytics

Our website(s) may use cookies and similar techniques.

We use, among other things:

  • Google Analytics
  • Google Search Console

Depending on the configuration, Google may process personal data in this context, including IP addresses and online identifiers.

To the extent consent is required, this will be requested via a cookie banner or a similar solution. You can manage your cookie preferences via the cookie banner or through your browser settings. Disabling or deleting cookies may affect the functioning of parts of the website. For more information about cookies and similar technologies, we refer to our Cookie Notice.

6. With whom do we share personal data?

We share personal data only if this is necessary for the purposes as described in this Privacy Policy, or if we are legally obliged to do so.

Personal data may be shared with:

6.1 Hosting and infrastructure

  • Amazon Web Services (AWS) for hosting our software and portal. In principle, hosting takes place within the EU (Ireland).

6.2 Website hosting

  • Mijndomein for hosting our website(s) in the Netherlands.

6.3 Payment processing

  • Revolut for payment handling and transaction processing.

6.4 Analytics

  • Google (including Analytics and Search Console).

6.5 Other service providers

We may engage third parties for technical support or infrastructure, provided this fits within our services and contractual obligations.

7. International transfers (outside the EEA)

In principle, GOTOVIAR hosts its software and portal within the European Union.

If, in the context of a specific customer implementation, processing outside the European Economic Area (EEA) is necessary, this will take place exclusively at the customer’s request and after written arrangements.

For certain service providers such as Google, processing outside the EEA may occur, depending on the configuration and the services. Where applicable, GOTOVIAR relies on the contractual and technical safeguards offered by such service providers, including Standard Contractual Clauses (SCCs) and, where possible, EU-based configurations.

If personal data is processed outside the EEA, GOTOVIAR will apply appropriate safeguards as required under the GDPR, including (where relevant) Standard Contractual Clauses (SCCs) and additional measures.

8. How long do we retain personal data?

GOTOVIAR does not retain personal data longer than necessary for the purposes for which it was collected, unless a longer retention period is legally required.

In broad terms, we apply the following retention periods:

  • account and portal data: as long as the account is active and up to a maximum of 90 days after termination for administrative handling and security purposes
  • invoicing and payment data: at least 7 years, in accordance with statutory retention obligations for tax purposes
  • support and communications: as long as necessary for follow-up and record keeping, with a guideline period of up to a maximum of 24 months after completion
  • technical logs: in principle up to 90 days, unless a longer retention period is necessary for security, incident investigation, or compliance with legal obligations
  • analytics data: depending on the configuration of the tools used
  • recordings (if applicable): only if the customer purchases recording functionality and in accordance with additional arrangements

9. Security

GOTOVIAR takes appropriate technical and organisational measures to protect personal data against loss or unlawful processing.

This includes, among other things:

  • access security and account security
  • logging and monitoring
  • limiting access to personal data to authorised persons
  • secure communications where appropriate

10. Security incidents and data breaches

If there is a security incident or data breach, GOTOVIAR will take appropriate measures to investigate and limit the incident.

If GOTOVIAR acts as a processor, GOTOVIAR will act in accordance with the agreements in the DPA and the applicable legal obligations.

11. Rights of data subjects

Under the GDPR, you have the following rights:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object
  • right to withdraw consent (if processing is based on consent)

Requests can be submitted via the contact point as referred to in Article 16. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

If GOTOVIAR processes personal data on behalf of a business customer (as a processor), GOTOVIAR may forward a request to the relevant customer, since the customer is the controller in that case.

12. Automated decision-making

GOTOVIAR does not use automated decision-making or profiling within the meaning of Article 22 GDPR.

13. Minors

Our website(s), portal(s) and services are not aimed at persons under the age of 16. GOTOVIAR does not intend to knowingly process personal data of minors.

14. Links to third-party websites

Our website(s) may contain links to websites or services of third parties (such as social media platforms). GOTOVIAR is not responsible for the processing of personal data by such third parties. We recommend that you consult the privacy policy of these third parties.

15. Processing on behalf of customers (processor)

If GOTOVIAR processes personal data on behalf of a business customer, GOTOVIAR acts as a processor.

In that case, the customer, as the controller, determines:

  • which personal data is processed
  • for which purposes
  • and on the basis of which legal grounds

GOTOVIAR processes this data solely in accordance with the customer’s instructions and in accordance with the DPA.

16. Contact

For questions or requests regarding this Privacy Policy or the processing of personal data, you can contact us via:

GOTOVIAR B.V.

E-mail: info@gotoviar.com (for the attention of: Privacy)
Address: Rechtzaad 15, 4703 RC, Roosendaal
Chamber of Commerce: 89031938
Country: The Netherlands

17. Complaints

If you have a complaint about the processing of personal data, you can contact us.

You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

18. Changes

GOTOVIAR may amend this Privacy Policy from time to time. The most current version will be published via our website(s) and/or portal.