Privacy and Cookie Policy

Who are we?

We are Zerocopter. When we process your data, our legal role is that of data controller.

For any questions about this privacy & cookie statement, you can contact us at [email protected].

Our full details are:

Zerocopter

3e Binnenvestgracht 23 F

2312 NR Leiden

The Netherlands

This privacy statement is applicable to:

• visitors of the Website;
• potential customers and other persons with whom Zerocopter is in contact, or tries to be, by email or by telephone;
• newsletter subscribers;
• recipients of invitations for events (in the following: Marketing) of Zerocopter;
• customers of Zerocopter; and
• all other persons who contact Zerocopter and of whom Zerocopter processes personal data.

For the privacy policy of the Zerocopter Application (app.zerocopter.com), please go to: https://app.zerocopter.com/privacy.

What data we collect

Contact data: data that can be used to contact you.

For example: name, phone number, (email) address, company info.

Financial data: data that enables the payment of our services.

For example: bank account number and holder.

Research data: data collected during the performance of our services.

For example: anonymised analysis on reported vulnerabilities, data profiling

Click and behavior data: data on how you use our services and website.

For example: IP-address, pages visited, visit duration, clicks, cookies, and other analytical data.

User-generated data: data you create while using our services, website or customer service.

For example: filled in contact forms, emails, answers to surveys, feedback.

Data we aim not to collect

Children’s data: data of children under the age of 16.

We do not aim our services at children under 16. We do not deliberately collect personal data on minors. In case we become aware that we have collected personal data on a child younger than 13 without the parents’ consent, we take actions to remove the data from our servers.

How and why we collect your data

Purpose	Data categories	Legal basis	How long we keep it
Running our website/app
When you access our website/app, we collect technical information and information about how you use our site using cookies and similar techniques.	Click and behaviour data	Your consent and Our legitimate interest	max. 13 months
Creating an account
When you create an account after receiving an invitation from us to do so, you give us information about yourself.	Contact data	Performance of a contract	Until deregistration
Engaging our services/hackers
‍When you use our services, or work for us as a hacker, you give us information to process the payment and perform our services.	Contact data and Financial data	Performance of a contract	5 years after completion of services
Conducting research
‍We also collect information our products and services, for research purposes.	Research data	Our legitimate interest	2 years after completion of research
Improving our website/app
‍We use various data to continuously improve our website and app and to give you the best experience possible. Where possible, we use fully aggregated and anonymous data, but in certain cases we may have to use personal data.	Click and behaviour data and User-generated data	Our legitimate interest and Your consent	Max. 13 months and Until deregistration
Marketing
‍When you sign up for our newsletter to receive updates such as events, blog post and other updates.	Contact data and Research data	Your consent	Until deregistration
Handling contact requests
‍When you contact us with a question via email, contact form, phone or social media, you give us information about yourself and your query.	Contact data and User-generated data	Performance of a contract and Your consent	Until deregistration

How do we keep your data secure?

The security of your personal data is our top priority. Our security experts are constantly assessing and improving the way we collect, process, and store your personal data. We take, for instance, the following measures (based on ISO/IEC 27002 (2022) and the security guideline NCSC (2015)):

• Data security policy: in which specific attention is also dedicated to data classification, the granting of access, and the control of vulnerabilities;
• Screening of staff: screening prior to employment, but also every five years a certificate of good behaviour is required from all collaborators. We also maintain a Code of Conduct for Zerocopter staff.
• Access authorisations: files, such as personnel documents and email traffic in the online environment of Zerocopter, are secured by access authorisations. The Chief Executive Officer gives authorisations to collaborators
• Enforcement of policies/procedures: besides the data security policy, we maintain several other security policies and procedures. For example a policy for network protection, clean desk and clear screen, physical security and security incidents and procedures for data breaches.

Your privacy rights

Do you want to exercise any of these rights? Contact us at: [email protected]

Right to access: you have the right to inspect the personal data that we process about you.

Right to rectification: you have the right to make us correct any incorrect or incomplete personal data we have about you.

Right to erasure: you have the right to make us delete any personal data we have about you.

Right to restriction of processing: in some cases, you have the right to ask us to restrict (temporarily or otherwise) the processing of your personal data. This means that we’ll process less data about you.

Right to object: you have the right to object to the processing of your personal data.

Right to withdraw consent you can easily withdraw your consent to the processing of your personal data at any time.

Right to data portability: you have the right to obtain a copy of your data so that you can port it to another service. If you ask us and it is technically possible, we will directly transfer the data to the other service for you.

Right to lodge a complaint about us with the supervising authority: if you are unhappy with how we process your data, please tell us first, so we have a chance to address your concerns. If we fail in this, under the privacy legislation, you have the right to contact the supervising authority to lodge a complaint.

Third parties who also process your data

To achieve the purposes we described above, we share your personal data with other companies or institutions. We have signed a data processing agreement with these parties to ensure that they process your data according to the purposes, safeguards, and good practices detailed in this statement.

Where personal data is transferred to a third party outside of the EEA we take steps to ensure we agree the required standard contractual clauses and where needed additional measures with them.

Service provider	Data categories collected /shared	Purpose	Place of processing
HubSpot
Privacy policy	Contact data and User-generated data	Managing our customer database	EU
LiveAgent
Privacy policy	Contact data	Managing our customer support	EU
Confluence
Privacy policy	Contact data and User-generated data	Managing our customer database	EU
Chargebee
Privacy policy	Contact data and Financial data	Managing our customer database	EU
Google workspace
Privacy policy	Contact data and User-generated data	Managing our customer database and support	EU

Sometimes we may also share data if we are legally obliged to do so (for example, if the police demands data in the event of suspected crime).

How we use the cookies?

On our websites (www.zerocopter.com and app.zerocopter.com) we (and third parties) use 2 types of cookies and similar techniques:

Functional cookies: necessary cookies that make it possible to use our website efficiently. We do not need your consent for these cookies.

Analytical cookies: cookies that are used to analyze the way our website is used by visitors. We sometimes have to ask for your consent for these cookies.

You can reject or give your consent to the placement of analytical cookies through our cookie banner. You can also withdraw your consent at any time within your browser.

Organization	Cookie name	Domain	Cookie type	Purpose	How long we keep it
Zerocopter	_zc_cookie_prefs _zc_cookie_preferences_202203	zerocopter.com app.zerocopter.com	Functional	Record (periodically asked) consent and ensure visitor has been informed about latest privacy- and cookie policy	12 months
Zerocopter	_zerocopter_core_session	app.zerocopter.com	Functional	Temporarily store data for the visit	End of the session
Matomo	_pk_ses.3.01.ba	zerocopter.com app.zerocopter.com	Analytical	Temporarily store data for the visit	30 minutes
Matomo	_pk_id.3.01ba	zerocopter.com app.zerocopter.com	Analytical	Store a few details about the user such as the unique visitor ID	13 months
Hubspot	hubspot_XfEA__hssc	zerocopter.com	Analytical	Set to track sessions	30 minutes
Hubspot	hubspot_XfEA__hstc	zerocopter.com	Analytical	Store visit data	6 months
Hubspot	hubspot_XfEA__hssrc	zerocopter.com	Analytical	Store session data	End of the session
Hubspot	hubspot_XfEA__hubspotutk	zerocopter.com	Analytical	Store visit data	6 months
ln_or	Linkedin	zerocopter.com	Analytical	Set to determine if analytics can be carried out	1 day

In addition to the cookies mentioned above, we also use Javascript. If your device does not support Javascript, websites are not displayed correctly.

Updates to this statement

We have the right to update this privacy and cookie statement.

The most updated version of the statement is always available on our website.