Privacy Policy


This policy covers the privacy practices that Widget Brain B.V. and its subsidiaries and affiliates ("Widget Brain" or "we") employ when providing support, consulting, Cloud or other services (the "services") to its customers ("you" or "your"). Widget Brain has established this privacy policy in order to clarify that the use of information to which it may be provided access in order to provide services is more limited than the use of information covered by Widget Brain's Data Processing Agreement.


Customer Information and Services Data

Customer Information is information that we may collect from your use of the Widget Brain website and your interactions with us offline (for example: exchange of datasets). We deal with customer information according to the terms of our Data Processing Agreement.


Services Data is data that resides on Widget Brain, customer or third-party systems to which Widget Brain is provided access to perform services (including Cloud environments as well as test, development and production environments that may be accessed to perform Widget Brain consulting and support services).


Widget Brain treats services data according to the terms of this policy, and treats services data as confidential in accordance with the terms of your order for services.


To illustrate the difference between customer information and services data, when a customer contracts with Widget Brain for Cloud services, the customer provides information about itself, including its name, address, billing information, and some employee contact information. Widget Brain may also collect other information about the customer and some employees, for example through its website, as part of that interaction. All of that information is customer information, and is treated according to Widget Brain's Data Processing Agreement.


In contrast, having contracted with Widget Brain for Cloud or other services, the customer provides Widget Brain access to its production, development or test environment, which may include personal information about its employees, customers, partners or suppliers (collectively "end users").


In short, the difference between customer information and service data is that Widget Brain collects customer information from their system en service data from systems that do not belong to Widget Brain, including systems owned by customers that Widget Brain has been provided access to.


How Widget Brain Collects and Uses Services Data

Below are the conditions under which Widget Brain may access, collect and/or use services data.


To Provide Services and to Fix Issues. Services data may be accessed and used to perform services relating to support, consulting, Cloud or other services and to confirm your compliance with the terms of your order. This may include testing and applying new product or system versions, patches, updates and upgrades; monitoring and testing system use and performance; and resolving bugs or other issues you have reported to Widget Brain. Any copies of services data created for these purposes are only maintained for time periods relevant to those purposes.


As a Result of Legal Requirements. Widget Brain may be required to retain or provide access to services data to comply with legally mandated reporting, disclosure or other legal process requirements.


Widget Brain may transfer and access services data globally as required for the purposes specified above. If Widget Brain hires subcontractors to assist in providing services, their access to services data will be consistent with the terms of your order for services and this privacy policy. Widget Brain is responsible for its subcontractors’ compliance with the terms of this policy and your order.


Widget Brain does not use services data except as stated above or in your order. Widget Brain may process services data, but does not control your collection or use practices for services data. If you provide any services data to Widget Brain, you are responsible for providing any notices and/or obtaining any consents necessary for Widget Brain to access, use, retain and transfer services data as specified in this policy and your order.


How Widget Brain Processes Personal Data

Under all circumstances, Widget Brain will only process a client’s personal data when a Data Processing Agreement has been signed by both the client and Widget Brain. In principle, these are the conditions under which Widget Brain may access, collect and/or use personal data:


To Provide Specific Services. Personal data may be used to perform specific services under your order and under an agreed upon Data Processing Agreement. This includes processing personal data for development and testing. Any copies of personal data created for these purposes are only maintained for time periods relevant to those purposes. Whenever possible, personal data is anonymized and shared only on a need-to-use basis.


Personal Data Owner Rights

Widget Brain’s services and applications are developed with respect to the 5 rights that data owners (in principle end users) have under GDPR. The implementation of these rights is agreed upon in the Data Protection Agreement:

  1. Right to consent
  2. Right to access
  3. Right to correct
  4. Right to be forgotten
  5. Right to data portability


Access Controls

Widget Brain's access to services data is based on job role/responsibility. Services data residing in Widget Brain-hosted systems is controlled via an access control list (ACL) mechanism, as well as the use of an account management framework. You control access to services data by your end users; end users should direct any requests related to their personal information to you.


Security and Breach Notification

Widget Brain is committed to the security of your services data, and has in place physical, administrative and technical measures designed to prevent unauthorized access to that information. Widget Brain security policies cover the management of security for both its internal operations as well as the services. These policies, which are aligned with the ISO/IEC 27001:2013 standard, govern all areas of security applicable to services and apply to all Widget Brain employees. Widget Brain's Support, Consulting and Cloud lines of business have developed detailed statements of security practices that apply to many of their service offerings, which are available for review at your request.


Widget Brain is also committed to reducing risks of human error, theft, fraud, and misuse of Widget Brain facilities. Widget Brain's efforts include making personnel aware of security policies and training employees to implement security policies. Widget Brain employees are required to maintain the confidentiality of services data. Employees' obligations include written confidentiality agreements, regular training on information protection, and compliance with company policies concerning protection of confidential information.


Widget Brain promptly evaluates and responds to incidents that create suspicions of unauthorized handling of services data. Widget Brain Legal is informed of such incidents and, depending on the nature of the activity, define escalation paths and response teams to address the incidents. If Widget Brain determines that your services data has been misappropriated (including by a Widget Brain employee) or otherwise wrongly acquired by a third party, Widget Brain will promptly report such misappropriation or acquisition to you.


Cross Border Transfers

Widget Brain is a company with operations in Europe, Australia and the United States of America. We have developed global data security practices designed to ensure that your personal information is appropriately protected. Please note that personal information may be transferred, accessed and stored globally as necessary in accordance with this privacy policy.


Widget Brain complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention when a customer and Widget Brain have agreed by contract that transfers of personal information from the European Economic Area (“EEA”) or Switzerland will be transferred and processed pursuant to the Privacy Shield for the relevant services. When conducting those activities on behalf of its EEA or Swiss customers, Widget Brain holds and/or processes personal information provided by the EEA or Swiss customer at the direction of the customer. Widget Brain will then be responsible for ensuring that third parties acting as an agent on our behalf do the same.


Cookie Policy

Widget Brain uses cookies on We are lawfully obliged to ask for your permission to make use of the cookies on our website. By continuing to using the website, you consent to the use of cookies on your device. Widget Brain and other third parties collect information from your visit, through cookies, in order provide you the best user experience on our website. By using cookies, we make sure that you see relevant content and the website is personalised to your preferences. You can disable the use of cookies, but parts of our website will not function correctly without them.


Dispute Resolution

If you have any complaints regarding our compliance with this privacy policy, you should first contact us. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with this privacy policy.


You have the right to file a complaint regarding our personal data processing with the Dutch Data Protection Agency (Autoriteit Persoonsgegevens).



If you believe your services data has been used in a way that is not consistent with this policy, or if you have further questions related to this policy, please contact Widget Brain at or visit Written inquiries may be addressed to:


Widget Brain B.V.

Marconistraat 16

3029 AK Rotterdam

The Netherlands