Privacy Statement

Download Privacy Statement


Who are we?

This privacy statement is published and maintained by Smartlockr B.V., located at H.J.E Wenckebachweg 123, 1096 AM Amsterdam (“Smartlockr”). Smartlockr is the controller for the processing of personal data such that is described below. We have appointed a data protection officer. This statement addresses the processing of personal data by Smartlockr through its website and in the context of the provision of its services.


How can you reach us?
H.J.E. Wenckebachweg 123
1096 AM Amsterdam
+31(0) 20 244 03 50


Which personal data do we process?

Personal data is received either directly from you or indirectly by means of our website or via the contact person of your organization. Depending on your status we process different categories of personal data. These statuses are set out below.

A. If you have entered into an agreement with us.

If you are the contact person of one of our corporate customers, then not all data listed below will be personal data:

  • Name of organization;
  • Given name and Surname;
  • Gender;
  • Address;
  • Phone number;
  • E-mail address;
  • Bank information; and
  • Invoice information.

B. If you are a user of one of our services.

  • Name of organization;
  • Azure Organization ID (in case of Azure AD users);
  • Azure User ID (in case of Azure AD users);
  • Given name and Surname;
  • Internet browser and Device type;
  • Outlook version information (for Outlook Desktop);
  • E-mail address; and
  • Password (is only needed when ADFS/Azure AD is not used. It is fully hashed and unreadable to us.)

C. If you are a recipient of a Smartlockr E-mail.

  • Name (we don't have the name of the recipient, unless a display name is filled in (optional);
  • Internet browser and Device type;
  • E-mail address; and
  • Phone number (in case of 2 factor authentication).


D. You are a visitor of our website.

  • IP Address;
  • High level location data based on your e-mail address;
  • Analytical data connected with your activities on our website; and
  • Internet browser and Device type.



For what purpose and based on what processing ground do we process your personal data?


Personal data


Processing ground

  • Name of organization, Given name, Surname, Male/Female, Address, Phone number, E-mail address and Bank account information.
  • To enable us to register you as a customer, send you invoices and process your payment.
  • Executing the agreement that we have for the provision of one or more services.

  • Given name and surname, E-mail address, Password (hashed) and Azure Organization ID (optional).
  • To create an account in our platform and to be able to call or e-mail you if necessary, to perform our service.
  • Executing the agreement that we have for the provision of one or more services.

  • Name, E-mail address, Phone number (optional) of sender and receiver.
  • Sending e-mail and attachments securely via e-mail (depending on the version of the services).
  • Executing the agreement that we have for the provision of one or more services.

  • Given name, Surname, and E-mail address.
  • Sending you our newsletter (1).
  • Our legitimate interest in keeping you informed about our services.

  • Given name, Surname, and E-mail address.
  • Inform you about any changes in one of our services that you use.
  • Executing the agreement that we have for the provision of one or more services.

  • Name of organization, Given name, Surname and Invoice information.
  • Comply with our tax obligations or comply with any order by a competent regulatory agency, police and justice department official or court.
  • Our compliance with our legal obligations.

(1) When entering into an agreement for one or more of our services, we will register your e-mail address for the receipt of our newsletter unless you object. You can always unsubscribe via the opt-out link in the newsletter.

How long do we retain your personal data?

We retain your personal data for up to 30 days after the end of a trial period or the term of your agreement.

Social media

You may choose to visit our company pages on social media. The social media links on the website only have the purpose to re-direct you to these pages.



Do we share your personal data with third parties?

Personal data is only made available to third parties by us if and to the extent that this is strictly necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your personal data on our behalf, we always conclude a processing agreement. Our current processors are described here. Processors may be located outside the European Economic Area in a non-adequate country. If so, we shall conclude an agreement with that processor on the basis of so-called EU standard contractual clauses or we shall provide another appropriate guarantee as required per article 46 GDPR to ensure that your personal data is protected.


What are your rights?

You have the right to view, correct or delete your personal data. You may also object to our (further) processing of your personal data by or withdraw your consent if you have provided that previously to us. You also have the right to data transferability. This means that you can submit a request to us to send the personal data that we have from you to you or another organization of your choice.

You may send a request for inspection, correction, deletion, data transfer data or your withdrawal of your consent or objection to the processing of your personal data to In order to ensure that this communication is issued by the personal that is entitled to the personal data, you should send a copy of your identity document with the request. In this copy you may make unreadable your passport photo, MRZ (machine readable Zone, the strip with numbers at the bottom of the passport), passport number and citizen service (BSN).

We will respond to your request within 48 hours after having received it. We also remind you of the possibility of submitting a complaint to the Autoriteit Persoonsgegevens. You can submit a compliant via


How do we protect your personal data?

We take the protection of your personal data seriously and have therefore taken appropriate measures to avoid any misuse, loss, unauthorized access, unsolicited disclosure and unauthorized change of your personal data. If you have the impression that your data is not properly protected or there are any indications of misuse, please contact our customer service or


Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO). Our DPO can be reached via