Privacy Policy

Effective Date: 22/07/2024
Last Updated: 08/08/2025

At COTIT B.V., we are committed to protecting the privacy and security of your data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our modular supply chain visibility platform and related services (collectively, the "Services").
1. Who We Are

COTIT B.V.
Randstad 22 - 45
1316 BW Almere
The Netherlands
KvK: 67786804
Email: officer@cotit.eu
Data Protection Officer: Fabion Baromeo

2. Information We Collect

a. Customer Information
Data you provide directly to us when you sign up for our Services, such as:

  • Full Name
  • Company Name
  • Contact Details (Email, Phone Number)
  • Billing and payment information
  • Other information you choose to provide

b. Operational Data
When using our Services, we collect and process data relevant to your supply chain operations, including:

  • Warehouse and invertory data
  • Transport schedules
  • Order and production information
  • Customer and supplier data
  • Financial and invoicing data

c. Usage Data
Automatically collected data includes:

  • IP Address
  • Browser type and version
  • Device type and operating system
  • Platform ussage patterns (e.g. clicks, navigation)

We may collect the following categories of information:

3. How We Use Your Information

We process your data for the following purposes:

  • To analyze and optimize supply chains
  • We may generate insights from operational data to improve efficiency.
  • To deliver and improve our services
  • Including onboarding, configuration, support, and updates
  • To communicate with you
  • Including service-related messages, updates, and—with consent—marketing materials.
  • To comply with legal obligations
  • Such as tax compliance or responding to lawful requests.
5. How We Share Your Information

a. Service Provider
We may share data with trusted third parties such as:

  • Google Analytics (analytics)
  • Stripe (payment processing)
  • HubSpot (CRM and marketing automation)
  • Google Workspace (email and file storage)
  • Hetzner (secure hosting infrastructure)

All providers are contractually bound to protect your data and process it only on our instructions.

b. Client Workspaces

Clients using our platform may collect their own customer data within their environments. They are solely responsible for the privacy and compliance of data collected through their workspace and integrations.

c. Business Transfers

In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you in advance via email or our website.

d. Legal Compliance

We may disclose personal data to comply with lawful requests, such as those from courts, regulators, or law enforcement.

6. Cookies and Tracking

We use cookies and similar technologies on our websites and platform for:

  • Essential functionality (e.g., login sessions, navigation)
  • User preferences (e.g., language, theme)
  • Analytics (e.g., traffic sources, page visits)
  • Marketing (e.g., retargeting, ad personalization)
  • Security (e.g., fraud prevention, session validation)

A cookie consent banner allows you to manage your preferences.

7. Data Security

We apply appropriate technical and organizational security measures, including:

  • Data encryption
  • Two-factor authentication (2FA)
  • Role-based access controls
  • Regular security assessments
  • Secure cloud hosting

We work with infrastructure providers like Hetzner, who meet EU-level data security standards.

8. Data Retention

We retain your personal data only as long as necessary to:

  • Provide and improve our services
  • Comply with legal and regulatory obligations
  • Resolve disputes or enforce agreements

By default, personal data is retained for a maximum of one (6) month, unless otherwise agreed. Upon request, we will delete your data within 72 hours.

9. Your Rights Under GDPR

You have the following rights:

  • Right to access – to see what personal data we hold
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – to request deletion of your data
  • Right to restrict processing – to limit how we use your data
  • Right to data portability – to obtain and reuse your data elsewhere
  • Right to object – to certain types of data processing
  • Right to withdraw consent – at any time, for consent-based processing

To exercise your rights, contact us at officer@cotit.eu.
If you believe we are not handling your data in accordance with the law, you can file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):
👉 https://autoriteitpersoonsgegevens.nl/

10. Children's Privacy

Our Services are not intended for individuals under the age of 16. We do not knowingly collect or process personal data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services or legal obligations.

  • Material changes will be communicated via email or posted prominently on our website.
  • The Effective Date at the top will be updated accordingly.
12. Contact

If you have questions, requests, or concerns regarding this Privacy Policy or your personal data, contact us at:

COTIT B.V.
Email: officer@cotit.eu