Privacy Policy

Alleo Privacy Policy

Version: 3.0
Effective Date: 4 April 2025

Introduction
At Alleo, we value your privacy. In this privacy policy, we explain which personal data we collect and how we handle it.

Who are we?
We are Alleo B.V., located at Omval 300, 1096 HP Amsterdam (“Alleo”). Alleo is the data controller for the processing activities described in this privacy policy. Alleo is the provider of an integrated platform that enables employees to personalise their secondary employment benefits.

If you have any questions about the processing of your personal data, or if you wish to submit a request regarding your data, you can send an email to privacy@alleo.nl.

Which personal data do we process?
Alleo may process the following personal data about you:

  • Your contact details (name, email address, and/or phone number) if you sign up for the Alleo newsletter on our website, request a demo of our platform, or fill out our contact form. We may also process your contact details if you share them with us at an event;
  • Your name, email address, and (optionally) payment information if you choose a benefit offered directly by Alleo on our benefits platform, such as a voucher for a specific product or service;
  • Your personal details (as stated on your CV), cover letter, educational background, and information about your work experience if you apply for a vacancy at Alleo.

For what purposes do we process personal data?

We process personal data for the following purposes:

  • To respond to inquiries you submit via a contact form. We process your personal data in this case based on our legitimate interest;
  • To send marketing communications about our services. In this case, we process your personal data on the basis of your explicit consent;
  • To provide vouchers or other benefits that we offer through our platform and to process payments for such benefits. In this case, we process your personal data to facilitate the performance of a contract;
  • To assess candidates for positions at Alleo. In this case, we process your personal data in this based on our legitimate interest in handling applications, and (optionally) your explicit consent if you agree to us storing your data beyond the application procedure, and contacting you when a suitable position opens up.

Where and how long do we process your personal data?

All your personal data is processed within the EU, specifically in the Netherlands and Ireland. We do not retain your data longer than necessary. Retention periods per category are as follows:

  • Contact details: Up to 1 year after the last contact;
  • Data related to the provision and payment of a benefit: 7 years to comply with our administrative obligations;
  • Application data: Up to 4 weeks after the application process ends, unless you give consent for us to retain it longer (e.g., for future vacancies).

Which processors do we use?
We use the services of a cloud hosting provider to host and make the personal data we process remotely accessible. This hosting provider is Amazon Web Services (AWS), which acts as a processor on our behalf. The AWS servers storing your personal data are located within the EU (Ireland or the Netherlands).

What are your rights?

You always have the right to:

  • Access your data;
  • Correct or delete your data;
  • Restrict or object to the use of your data; and
  • Withdraw your consent if previously given

Feel free to email us at privacy@alleo.nl if you wish to exercise any of your rights.

How we secure your data
We take appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or alteration. We are ISO27001 certified, ensuring a high level of information security.

Updates and amendments

We may amend this privacy policy, for example, if there is a change in the law or in how we process personal data. If we make changes to this policy, we will publish a new version of the privacy policy on our website. Check our website occasionally to see if anything has changed.