PRIVACY STATEMENT

ADDRESSLY

Last updated: 31-12-2025

This Privacy Statement explains how Addressly ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our software-as-a-service platform ("Service"). We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and the Dutch Implementation Act (UAVG), as well as other applicable data protection laws.

1. Controller Information

Addressly

Address: Westerstraat 10 UNIT C1808, 3016DH Rotterdam

Chamber of Commerce (KvK): 99089068

Email: support@addressly.nl

If you have questions about this Privacy Statement or wish to exercise your rights, please contact us at support@addressly.nl.

2. Personal Data We Collect

We collect the following categories of personal data:

2.1 Account and Identity Data

  • Email address (required for account creation and login)
  • First name and last name
  • Phone number (required for account security and customer support)
  • Verification codes (temporary, used for email verification)

2.2 Housing Preferences Data

  • Preferred cities and postal codes
  • Preferred neighborhoods
  • Maximum rental price
  • Number of rooms and bedrooms
  • Minimum surface area (mยฒ)
  • Furnishing preferences (furnished, unfurnished, or no preference)
  • Preferences for balcony and garden
  • Rental agreement type preference (indefinite or temporary)
  • Occupation status (working or studying)
  • Age

2.3 Email Integration Data

  • Connected email account address (via OAuth with Google or Microsoft)
  • Email provider (Google or Microsoft)
  • Email logs, including:
    • Recipient email addresses
    • Email subjects
    • Property addresses for which emails were sent
    • Email status (sent or failed)
    • Error messages (if email sending failed)
    • Timestamps of email activity

2.4 Payment and Subscription Data

  • Subscription status (active, canceled, suspended, etc.)
  • Payment history and transaction records
  • Payment amounts and dates
  • Payment and subscription reference data
  • Billing period information

2.5 Service Usage and Feedback Data

  • Onboarding progress and completion status
  • Email notification preferences (enabled/disabled)
  • Service discovery information (how you found our service)
  • Poll responses and feedback (if you choose to participate)
  • Account activity timestamps

2.6 Technical Data

  • Session data (standard web session cookies for authentication)
  • Standard server logs for security and troubleshooting

3. How We Use Your Personal Data

We use your personal data for the following purposes:

3.1 Service Provision

  • To create and manage your account
  • To authenticate and verify your identity
  • To store and process your housing preferences
  • To match available rental properties with your preferences
  • To send automated viewing request emails on your behalf
  • To manage your subscription and process payments

Addressly uses internal systems to automatically search for and match rental properties based on your preferences.

3.2 Email Integration

  • To connect your email account via OAuth (Google or Microsoft)
  • To display your connected email address on your dashboard for your reference
  • To send viewing request emails from your connected email address
  • To log email activity for your reference
  • To log email delivery errors internally for troubleshooting purposes

3.3 Communication

  • To send verification codes for account access
  • To notify you about matching properties
  • To send service-related updates and notifications
  • To respond to your inquiries and support requests

3.4 Service Improvement

  • To analyze service usage and improve our platform
  • To conduct surveys and collect feedback (with your consent)
  • To troubleshoot technical issues
  • To ensure security and prevent fraud

3.5 Legal Compliance

  • To comply with legal obligations
  • To enforce our Terms of Service
  • To protect our rights and the rights of our users

4. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

  • Contract Performance: Processing necessary to provide our Service, including account management, preference matching, and email sending.
  • Legitimate Interests: Processing for service improvement, security, fraud prevention, and business operations. We have weighed our legitimate interests against your privacy rights and found the processing to be proportionate and necessary.
  • Consent: For optional features such as feedback surveys and service discovery polls.
  • Legal Obligation: To comply with applicable laws and regulations, including tax and accounting requirements.

5. Data Sharing and Third-Party Services

We share your personal data with the following third-party service providers:

5.1 Google and Microsoft (Email Integration)

We use Google Gmail API and Microsoft Graph API directly to facilitate OAuth connections with your email provider and to send emails on your behalf. We store OAuth tokens securely in our database. Google and Microsoft process your email account information according to their respective privacy policies. For more information, see Google's privacy policy and Microsoft's privacy policy.

5.2 Mollie (Payment Processing)

We use Mollie to process subscription payments. Mollie receives payment information and transaction data. Mollie is PCI-DSS compliant and acts as a data processor. We do not store your full payment card details. For more information, see Mollie's privacy policy.

5.3 OpenAI (Email Generation)

We use OpenAI's API to generate personalized viewing request emails. We send your name, work status, and property address to OpenAI for email generation. OpenAI acts as a data processor. If data is processed outside the EEA, appropriate safeguards such as Standard Contractual Clauses approved by the European Commission apply. For more information, see OpenAI's privacy policy.

5.4 Google Analytics and Google Tag Manager (Website Analytics)

With your consent, we use Google Analytics and Google Tag Manager to understand how visitors interact with our website. Google Analytics collects anonymized data about website usage, including pages visited, time spent on pages, and how visitors arrived at our website. Google Tag Manager is a tag management system that helps us manage and deploy marketing and analytics tags. Google acts as a data processor for this service. Data is processed in accordance with Google's privacy policy. You can opt out of analytics cookies at any time. For more information, see Google's privacy policy.

5.5 Taggrs.io (Server-Side Tracking)

With your consent, we use Taggrs.io for server-side tracking and analytics. Taggrs.io is a server-side tracking solution that helps us understand how visitors interact with our website. Taggrs.io may collect information about pages you visit, website usage patterns, and technical information about your device and browser. If you are logged in to your account and have given consent for analytics cookies, we may also share your personal identifiers (first name, last name, email address, and phone number) with Taggrs.io through our dataLayer for tracking and analytics purposes. Taggrs.io acts as a data processor and processes data in accordance with our instructions and applicable data protection laws. Taggrs.io only loads if you have given consent for analytics cookies. If you deny analytics cookies, Taggrs.io will not load and no personal identifiers will be shared. For more information, see Taggrs.io's privacy policy.

5.6 Other Service Providers

We may use other service providers for hosting, analytics, and technical support. These providers are bound by data processing agreements and may only process your data as instructed by us.

5.7 Legal Requirements

We may disclose your personal data if required by law, court order, or governmental authority, or to protect our rights, property, or safety, or that of our users.

6. Data Retention

We retain your personal data for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Statement:

  • Account Data: Retained while your account is active and for up to 2 years after account deletion for legal and accounting purposes.
  • Email Logs: Retained for 2 years to allow you to review your email activity.
  • Payment Data: Retained for 7 years as required by Dutch tax and accounting laws.
  • Verification Codes: Deleted immediately after use or expiration.
  • Feedback and Poll Data: Retained for service improvement purposes for as long as necessary to fulfill these purposes, unless you request deletion.

You can request deletion of your account and personal data at any time by contacting us at support@addressly.nl. We will delete your data within 30 days, except where we are required to retain it by law.

7. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of Access: You can request a copy of all personal data we hold about you.
  • Right to Rectification: You can request correction of inaccurate or incomplete data.
  • Right to Erasure: You can request deletion of your personal data ("right to be forgotten").
  • Right to Restrict Processing: You can request that we limit how we use your data.
  • Right to Data Portability: You can request a copy of your data in a machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests.
  • Right to Withdraw Consent: If processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, please contact us at support@addressly.nl. We will respond to your request within 30 days.

You also have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) if you believe we have not handled your personal data in accordance with GDPR.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption of data in transit (HTTPS/TLS)
  • Encryption of sensitive data at rest
  • Secure authentication and access controls
  • Regular security assessments and updates
  • Limited access to personal data on a need-to-know basis
  • Regular backups and disaster recovery procedures

While we strive to protect your data, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard security practices.

9. International Data Transfers

Some of our third-party service providers may process your data outside the European Economic Area (EEA). When we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

10. Cookies and Tracking

Functional Cookies

We use functional cookies that are necessary for the proper functioning of our Service.

These cookies are used to:

  • Protect the Service against security risks (CSRF protection)
  • Remember your language preference
  • Maintain your session

Analytics Cookies (Optional)

With your consent, we use Google Analytics and Google Tag Manager to understand how visitors interact with our website.

Google Analytics collects information about:

  • Pages you visit
  • Time spent on pages
  • How you arrived at our website

Google Tag Manager is a tag management system that helps us manage and deploy marketing and analytics tags on our website. It only loads if you have given consent for analytics cookies.

These analytics cookies are optional and require your explicit consent. You can accept or deny analytics cookies at any time. If you deny, no analytics cookies will be set and Google Analytics and Google Tag Manager will not load.

Server-Side Tracking (Optional)

With your consent, we also use Taggrs.io for server-side tracking and analytics. Taggrs.io is a server-side tracking solution that helps us understand how visitors interact with our website. Taggrs.io may collect information about pages you visit, website usage patterns, and technical information about your device and browser. If you are logged in to your account and have given consent for analytics cookies, we may also share your personal identifiers (first name, last name, email address, and phone number) with Taggrs.io through our dataLayer for tracking and analytics purposes. Taggrs.io acts as a data processor and processes data in accordance with our instructions and applicable data protection laws. Taggrs.io only loads if you have given consent for analytics cookies. If you deny analytics cookies, Taggrs.io will not load and no personal identifiers will be shared.

For more detailed information about our use of cookies, please see our Cookie Policy.

11. Children's Privacy

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately at support@addressly.nl.

12. Changes to This Privacy Statement

We may update this Privacy Statement from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

  • Posting the updated Privacy Statement on our website
  • Sending an email notification to your registered email address
  • Displaying a notice on our Service

The "Last updated" date at the top of this Privacy Statement indicates when it was last revised. Continued use of our Service after changes constitutes acceptance of the updated Privacy Statement.

13. Contact Us

If you have questions, concerns, or wish to exercise your rights regarding this Privacy Statement or your personal data, please contact us:

Email: support@addressly.nl

Address: Westerstraat 10 UNIT C1808, 3016DH Rotterdam

This Privacy Statement is governed by the laws of the Netherlands.