Download Privacy Statement

Who are we?

This privacy statement is published and maintained by AttachingIT BV, located at H.J.E Wenckebachweg 123, 1096 AM Amsterdam (“SmartLockr”). SmartLockr is the controller for the processing of personal data such that is described below. We have not appointed a data protection officer. This statement addresses the processing of personal data by SmartLockr through its website and in the context of the provision of its services.


How can you reach us?
H.J.E. Wenckebachweg 123
1096 AM Amsterdam
+31(0) 20 244 03 50


Which personal data do we process?

Personal data is received either directly from you or indirectly by means of our website or via the contact person of your organization. Depending on your status we process different categories of personal data. These statuses are set out below.

A. If you have entered into an agreement with us.

If you are the contact person of one of our corporate customers, then not all data listed below will be personal data:
• Name of organization;
• Given name and Surname;
• Male/Female;
• Address;
• Phone number;
• E-mail address;
• Bank information; and
• Invoice information.

B. If you are a user of one of our services.

• Name of organization;
• Azure Organization ID (in case of Azure AD users);
• Azure User ID (in case of Azure AD users);
• Given name and Surname;
• Internet browser and Device type;
• Outlook version information (for Outlook Desktop);
• E-mail address; and
• Password (hashed).

C. If you are a recipient of a SmartLockr E-mail.

• Name;
• Internet browser and Device type;
• E-mail address; and
• Phone number (in case of 2 factor authentication).

D. You are a visitor of our website.

• IP Address;
• High level location data based on your e-mail address;
• Analytical data connected with your activities on our website; and
• Internet browser and Device type.

As part of our Services we enable users to send secure attachments. These attachments can include personal data. If they do, this personal data is processed by us as a processor of our customer. We are not a processor if the sender has set a password or uses 2 factor authentication. In both of these cases, the attachment is secured in such a manner that it is no longer accessible to us.

The personal data under A and B must be provided to us to enable us to provide the services to our customer.

For what purpose and based on what processing ground do we process your personal data?

Personal data


Processing ground

• Name of organization, Given name, Surname, Male/Female, Address, Phone number, E-mail address and Bank account information.

• To enable us to register you as a customer, send you invoices and process your payment.

• Executing the agreement that we have for the provision of one or more services.

• Given name and surname, E-mail address, Password (hashed) and Azure Organization ID (optional).

• To create an account in our platform and to be able to call or e-mail you if necessary, to perform our service.

• Executing the agreement that we have for the provision of one or more services.

• Name, E-mail address, Phone number (optional) of sender and receiver.

• Sending e-mail and attachments securely via e-mail (depending on the version of the services).

• Executing the agreement that we have for the provision of one or more services.

• Given name, Surname, and E-mail address.

• Sending you our newsletter (1).

• Our legitimate interest in keeping you informed about our services.

• Given name, Surname, and E-mail address.

• Inform you about any changes in one of our services that you use.

• Executing the agreement that we have for the provision of one or more services.

• Name of organization, Given name, Surname and Invoice information.

• Comply with our tax obligations or comply with any order by a competent regulatory agency, police and justice department official or court.

• Our compliance with our legal obligations.


(1) When entering into an agreement for one or more of our services, we will register your e-mail address for the receipt of our newsletter unless you object. You can always unsubscribe via the opt-out link in the newsletter.

How long do we retain your personal data?

We retain your personal data for up to 30 days after the end of a trial period or the term of your agreement.

Do we share your personal data with third parties?

Personal data is only made available to third parties by us if and to the extent that this is strictly necessary for the execution of our agreement with you or to comply with a legal obligation. With companies that process your personal data on our behalf, we always conclude a processing agreement. Our current processors are described here. Processors may be located outside the European Economic Area in a non-adequate country. If so, we shall conclude an agreement with that processor on the basis of so-called EU standard contractual clauses or we shall provide another appropriate guarantee as required per article 46 GDPR to ensure that your personal data is protected.

What are your rights?

You have the right to view, correct or delete your personal data. You may also object to our (further) processing of your personal data by or withdraw your consent if you have provided that previously to us. You also have the right to data transferability. This means that you can submit a request to us to send the personal data that we have from you to you or another organization of your choice.

You may send a request for inspection, correction, deletion, data transfer data or your withdrawal of your consent or objection to the processing of your personal data to In order to ensure that this communication is issued by the personal that is entitled to the personal data, you should send a copy of your identity document with the request. In this copy you may make unreadable your passport photo, MRZ (machine readable Zone, the strip with numbers at the bottom of the passport), passport number and citizen service (BSN).

We will respond to your request within 48 hours after having received it. We also remind you of the possibility of submitting a complaint to the Autoriteit Persoonsgegevens. You can submit a compliant via

How do we protect your personal data?

We take the protection of your personal data seriously and have therefore taken appropriate measures to avoid any misuse, loss, unauthorized access, unsolicited disclosure and unauthorized change of your personal data. If you have the impression that your data is not properly protected or there are any indications of misuse, please contact our customer service or