In this privacy statement we explain how SmartOcto BV handles personal data and how you can exercise your rights thereon. This addendum is effective as of May 25, 2018, the date the GDPR is effective. This addendum is in addition to the privacy policy as found at

When we speak of “we”, “we”, “us / our” and SmartOcto BV, we refer to SmartOcto BV, registered under company number 64307700 with the registered office at Vrouwe Udasingel 207, 6663 GT Lent, The Netherlands. When we speak of “you”, “you” or “user”, we refer to the person or entity registered with us to use the Website about the product and / or the Service, our state of the art notification dashboard SmartOcto.

We updated our Privacy Addendum to ensure that it incorporates the new SCCs adopted by the European Commission on June 4, 2021. The new SCCs will apply automatically to any users who started using our service on or after September 27, 2021 and for all other users on December 27, 2022. This is consistent with the EU Commission's Implementing Decision on June 4, 2021, which accompanied the new SCCs.

According to the General Data Protection Regulation (GDPR), contractual clauses ensuring appropriate data protection safeguards can be used as a ground for data transfers from the EU to third countries. This includes model contract clauses – so-called standard contractual clauses (SCCs) – that have been "pre-approved" by the European Commission.

SCCs means the standard contractual clauses between processors adopted by the European Commission in its Implementing Decision (EU) 2021/37 of 4 June 2021, and currently located here (the "2021 Processor-to-Sub-Processor Clauses").

Introduction - smartocto, data and personal data

Smartocto offers a Service to gain insight into the consumption of published stories. Users can collaborate within the platform by sharing stories, notifications and other notifications. In order to provide the Service, smartocto also collects public data in addition to customer data, customer platforms and / or user data. This public data may contain personal data. Personal data refers to information that directly or indirectly concerns a specific person.

The smartocto Website uses limited personal data entered by visitors on the contact page of our product website to properly process requests via this page. For handling the contact, we ask for the name and email address. As explained under the heading "Transfer of data to third parties", we do not share this personal data with third parties.

For the processing of personal data that smartocto carries out on its own initiative, such as the processing of its own customer data for account management or tax purposes, smartocto counts as the "controller" within the meaning of the privacy regulations. This means that SmartOcto BV as a company is responsible for compliance with this privacy regulation. In addition, it is possible that smartocto is a 'processor' for certain processing of personal data within the privacy regulations. In accordance with privacy regulations, smartocto's customers are responsible for these processing operations.

Sources and types of personal data

At the request of and only for customers, smartocto collects public data from selected information sources, such as specific social media and customer news sites. That is data actively shared online by users of these sources. The retrieved data can be found with a standard internet search engine and / or can be seen by visiting the relevant websites.

Some examples of personal data that may appear in the public data include (profile) names, email addresses, (profile) photos, public account information, location data such as place names (if shared) and any other personal information in the content of content.

Within the privacy regulations, a distinction is made between ordinary, special en criminal data. Special personal data includes privacy-sensitive personal data, such as data about someone's health, religion or political views. Criminal data includes “personal data related to criminal convictions and offenses or related security measures”. Smartocto only uses public sources. Personal data from the "special data" and "criminal data" groups will only be collected if someone has proactively shared something about it online.

However, smartocto is reluctant to use such personal data. If we process such data, for example in a publication on our blog on another form of publications, we always ensure that the data is anonymised.

Furthermore, smartocto has made as many technical and organisational provisions as possible to ensure that when information is deleted, it no longer returns to the Website and / or Service. Users can delete data themselves in the bundles and ink environment.

Use data

Smartocto collects data to visualise the effectiveness of multi-channel stories to the publicist.

Users determine how and for what they use the smartocto Website and / or Service. Users are bound by smartocto's terms of use, which can be found at When logging into the Service, users agree to the terms of use by confirming this with a check mark.

Users can use the story pages to understand the performance of published stories. The stream allows them to receive and view and flag tips and notifications (better known as Inking). Smartocto customers sometimes use the Big screen function for statistical applications in the Big screen. smartocto Impact Radar uses visualisation to help companies gain insight into the effort and impact delivered. By effort we mean production and impact stands for consumption.

By bundling public information and relating it to published stories, smartocto helps its customers make better decisions about their content and distribution strategies. Legally speaking, smartocto invokes the legitimate interest of smartocto and its users to enable these decisions.

Individuals who post online have an interest in protecting their privacy. Smartocto takes this privacy interest into account. For example, you can have your personal information deleted at smartocto (see further below), smartocto respects the privacy settings of all social media platforms, smartocto makes agreements about confidentiality with employees, customers and suppliers and smartocto has taken various safeguards for a secure IT infrastructure. .

Smartocto stores data, including personal data, insofar as this is necessary for its services to function properly.

Transfer of data to third parties

Smartocto does not pass on data, including personal data, to third parties, except as stated in the privacy policy at Access to data is limited as much as possible within the smartocto organisation. When smartocto conducts research into trends and developments, data is anonymized so that it cannot be traced back to individuals.

In addition, users have access to collected public data related to the contract and / or title under which they use the Website and / or Service, under smartocto's terms of use. In smartocto Open you get an impression of what this looks like. We show search results with reference to the original source.

SmartOcto BV hosts the smartocto software and data on secure servers in privacy-compliant cloud hosting in Europe. It is our policy to limit working with third parties and to use it only if the specialism is strictly necessary, to support our business processes.

Data protection

Smartocto has taken extensive measures to protect the data, including personal data.

Privacy measures

Smartocto has taken measures to minimize the traceability of visitors to our Website and / or Service. We do this by anonymising each IP address when registering statistics, as prescribed by the Dutch Data Protection Authority in the manual 'privacy-friendly setting of Google Analytics' of March 2018, which can be found on the website of the Dutch Data Protection Authority.

Questions and rights

If, after reading the privacy policy and this addendum, you have further questions about how smartocto handles personal data or if you wish to inspect it, request a request for correction, deletion or limitation of the processing of your personal data, please send an email to privacy officer of smartocto.

Smartocto will process your question or request and will come back to you as soon as possible. Smartocto may need additional information to process your request. For example, in the event of a request for access or removal, smartocto will want to make sure that you are the person about whom the personal data concerned are concerned. In such a situation, smartocto will also have to check whether the request is justified and feasible. This is in the interest of you and all other smartocto users and customers.

However, when smartocto grants the request to correct data or information from (the Service of) smartocto, this does not mean that the information from the internet has been corrected or deleted. Depending on the data, it may therefore be more effective to target the website in question. There is also the option to file a complaint with the Dutch Data Protection Authority. More information can be found on the website of the Dutch Data Protection Authority.

The above rights refer only to customers and not visitors to customer websites, because there is no way of identifying these visitors


Smartocto uses handy and useful techniques that increase ease of use and that make the site as interesting as possible for every visitor. The best-known examples of this type of technology are cookies and scripts (hereinafter collectively referred to as “cookies”). Cookies can be used by website owners or third parties - advertisers, for example - who communicate through the websites you visit. More information about the use of cookies can be found in de cookie statement from smartocto with the corresponding cookie overview.


Smartocto offers customers and / or other interested parties the opportunity to subscribe to a mailing from smartocto. If customers sign up for one or more mailings, they must give explicit permission for this. Subscriptions for one or more newsletters always follow through a so-called opt-in. In practice, the opt-in involves confirmation by opening a confirmation link in an activation email. Each mail is linked to information with which a recipient can unsubscribe from the mailing.

Retention periods

The GDPR stipulates that personal data may not be stored longer than is necessary for the purposes for which it was collected. A specific retention period is not given in the GDPR. In a number of other laws, specific retention periods are prescribed. For example, a copy of an employee's ID card should be the employer five years after the end of employment and the data will not be kept longer than deemed necessary. Smartocto takes over the legal retention periods for some processing operations, which are longer than the contract duration. Think of an administrative obligation or a tax obligation. The retention periods for personal data are defined in the processing register.

Report a vulnerability or data breach

If you think you have found a vulnerability in one of our (digital) services (vulnerability) or you can see or access confidential information such as personal data (data breach), we would like to work with you to resolve this situation as quickly as possible. unload. Therefore, we request that you share this information with us at

Contact details smartocto

SmartOcto B.V.
Vrouwe Udasingel 207,
6663GT  Lent,

Contact information DPO

Name: Mr. Darko Đorđević

Smartocto may amend this privacy statement from time to time. A modified privacy statement applies from the date stated here.

SmartOcto BV, version April 2022