Siilo takes data privacy and security very seriously. We take all usual technical measures to prevent unauthorised access to your data on our servers. For clarity with regard to messages sent over Siilo: because all data sent by users is encrypted and only readable by the device of each receiver, no other party, including Siilo, can decrypt any of this data. Finally, we will never sell or provide your personal data to third parties without your consent, other than as required by law.
Who controls the processing of your personal data?
Siilo Holding B.V., located at Keizersgracht 585, 1017 DR Amsterdam, the Netherlands, or a designated group company is the controller responsible for the processing of your personal data.
Need to contact us?
You can contact Siilo Holding B.V.:
- with the contact form on www.siilo.com
- by e‑mail to email@example.com
- by mail to Siilo Holding B.V., Privacy Department, Keizersgracht 585, 1017 DR Amsterdam, The Netherlands
Providing your personal data is not compulsory
Providing personal data is never compulsory. You can always decide whether or not to provide personal data. However, in order to be able to make use of a number of our services the provision of personal data is necessary. If we ask for the input of personal data, we will indicate which data are necessary to make use of the service and therefore must be provided, and which data can be provided optionally.
Which personal data do we process?
When we provide our products and services we may process your personal data. This could include the following personal data:
- your name
- your work address(es), phone number(s) and email address(es)
- your profession, medical registration number and other information you provide in your profile (the other information is optional)
- pictures (including your profile picture) uploaded by you (optional)
- data about your interests and preferences as a user of our website, app, products and services (optional)
- financial data relating to orders and payments to us and to you
- data regarding your visit to our website and app, including URL, IP-address, browser type, language, date, time and duration of your visit
- data on the status and identity of your mobile device
- phone numbers from your address book on your phone (optional)
For a more extensive insight into the current data we process, please see our Privacy Impact Assessment (PIA).
Address Book Data
Only with your explicit permission, we will collect the phone numbers of your contact lists and/or address book (“Address Book Data”). No other contact information, such as the names that correspond with the phone numbers or email addresses, will be collected or used. The collection of the phone numbers allows us to match users of Siilo and place them in appropriate user groups. As such, we may indicate which of your connections are also users of Siilo, and likewise we may indicate to your connections the same regarding you. This feature allows you to connect with other users of Siilo and allows other users of Siilo to communicate directly with each other. In order to do this, and to make sure we give users the most up-to-date information, we will periodically check for updates to your contact lists and/or address book data. Address Book Data (if the user has given permission) is only transmitted to the server in hashed form and additionally protected using industry-standard transport layer security. Only Address Book Data that has been matched will be stored (in hashed form). Address Book Data of non-users will not be stored. No Address Book Data will be given to third parties or used for advertising purposes.
By default, when users send messages over Siilo, we may temporarily store the messages and other related data (“Message Data”) in order to ensure delivery to all receivers. After delivery, the Message Data will be deleted from our servers and only be available on the devices of the sender and receivers. Users can opt in to additional Siilo services (e.g. Siilo Web Messenger) that, in order to work correctly, require that the Message Data of the user is also stored on our servers.
Your Message Data will by default be unavailable after 30 days, or longer if you or your organisation has chosen an alternate period. Your Message Data will be permanently deleted from our servers after a necessary limited reasonable retention period, required for system back-up reasons. After its deletion your Message Data cannot be retrieved. Message Data held by other users is governed by the same policy.
Messages are end-to-end encrypted. Siilo has no way to decrypt messages of users because it does not have knowledge of their private keys. Private keys of users are never stored on our servers. The encrypted messages and media (images, videos etc.) are not retained any longer than necessary for the correct functioning of Siilo. To prevent eavesdropping by third parties (e.g. in open wireless LANs), all data traffic between our servers and the devices of our users is encrypted using HTTPS (TLS 1.2). In addition, the text in messages is end-to-end encrypted with the so-called ‘crypto_box’ of NaCl (https://nacl.cr.yp.to/) and the server has no access to the required private keys.
Although messages are securely sent and received through the Service, it is in all cases and always the user’s responsibility to determine if the receiver(s) is/are authorised to receive any possibly privacy-sensitive information, such as medical information that is reducible to a specific patient. Users are therefore responsible and liable for information they send to other users. Siilo cannot be held responsible or liable for any privacy-sensitive information sent through the Service by users without the required authorisation.
For what purposes do we process your personal data?
Your personal data may be processed for the following purposes:
- to provide you with access to our website and app, whether or not based on your registration as a user
- to show which of your connections from your address book or contact list also use Siilo
- for the entering into and implementation of an agreement concluded with you
- to provide you with, and adapt to your preferences regarding, the agreed services, products and/or information
- to send you a newsletter, user information or a service message
- to enable you to view and share with others, including your organisation, user data in the app or on the website
- to enable interaction with other users, and to invite others to make use of Siilo
- to enable you to provide and exchange information on the website or in the app
- to improve the quality, safety and usability of our website and app and to combat fraud
- to comply with the rules and regulations imposed on us and for dealing with disputes
To the extent that the processing listed above requires your permission, we will request such permission in advance. You can always revoke such permission.
Your personal data will not be used for purposes other than those listed above.
For a more extensive insight into the purposes for which we process your personal data, please see our Privacy Impact Assessment (PIA).
Lawful basis for processing
We may process personal data because we have a legitimate interest in doing so. This means that we are allowed to process personal data if such processing is necessary for our business activities, as long as your privacy does not override that interest. We may also process personal data because it is necessary for a contract we have with you, or to comply with legal obligations. In those cases in which we need your consent for processing, we will not process that personal data until we have obtained your consent, and we will discontinue processing that data if you withdraw your consent.
Data processing in the Netherlands and abroad
Your personal data will only be stored and processed in countries where this is allowed under the European Union’s GDPR.
Third Party Websites
Cookies are small text files that are stored by your browser. Below we briefly explain what cookies we use and do not use for our website, and what their purpose is.
Functional cookies store simple anonymised data to allow functions such as login on the website to work properly. These cookies are necessary for modern web applications such as the Siilo Web Messenger to function properly and securely.
Analytical cookies collect statistics of the users of the website, to enable us to constantly improve your user experience. These cookies do not directly impact the user experience and many browsers provide a mechanism to opt out of them. If you want to block cookies, adjust your browser settings.
Cross Site/Domain cookies are used for identifying a user across multiple websites for tracking purposes. Siilo may receive these cookies from third party websites to determine how users arrived on our website. However, our website does not place this type of cookie on the computers of users to track them after they have left the Siilo website.
You can delete cookies that are already installed. How to adjust your settings varies by browser. Please consult the help function of your browser.
Security and retention
We have taken appropriate technical and organisational measures to protect your personal data against loss or any form of unlawful processing. We will not retain or keep your data longer than allowed by law, required by law and/or necessary for the purposes for which the data are processed. The retention period therefore depends on the nature of the data and the purposes for which the data is processed. Retention periods may vary accordingly.
Inspection, correction and deletion
You have the right to know which personal data we keep regarding you, to inspect such data, and to request rectification or erasure. You also have the right to request restriction of processing or to object to processing, as well as the right to data portability. You can send an email or a letter to our Data Protection Officer with your name and contact information to firstname.lastname@example.org or to Siilo Holding B.V., Privacy Department, Keizersgracht 585, 1017 DR Amsterdam, The Netherlands. In your request, please specify as much as possible which personal data you refer to. In general, we will respond within four weeks to a request for inspection or correction. In case of a deletion request we will delete the personal data as soon as possible, unless and to the extent that the law requires us to keep the personal data or if there are other compelling reasons to oppose removal. After the execution of a deletion request we will send you a message of confirmation. If the personal data is (partially) not deleted, we will send you a message in which we explain why your request could not (fully) be met. If we cannot identify which personal data are meant by a request for inspection, correction or deletion, we may ask you to specify your request in more detail. We suspend the execution of the request until you have provided us with such detailed specification.
You always have the right to lodge a complaint with the supervisory privacy authority in your country of residence or in the Netherlands.
Amendment and version